Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4635-1] proftpd-dfsg security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4635-1] proftpd-dfsg security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4635-1] proftpd-dfsg security update
  • Date: Wed, 26 Feb 2020 22:46:20 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1j75Rc-0006Dq-Of AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 26 Feb 2020 22:46:38 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <kEal-UhYZoF.A.-rH.OVvVeB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4635-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 26, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : proftpd-dfsg
CVE ID : CVE-2020-9273
Debian Bug : 951800

Antonio Morales discovered an user-after-free flaw in the memory pool
allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server.
Interrupting current data transfers can corrupt the ProFTPD memory pool,
leading to denial of service, or potentially the execution of arbitrary
code.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.3.5b-4+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 1.3.6-4+deb10u4.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5W9SVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QtFhAAmyPdXWZvQztGTqvZrGRIUgQ9pklUva9IFsuBt5pLwHdWPRn1VvUGgKX4
aIQHZvvg/5hmsZv4C5nh8FMdU6MDa87rMO86oJYjQSimAmi16L3ydWgoa8OfQ3kj
5Z+4+yU1Mum00Su5Gw0qXozkHbTcRvMvr4fNcMcjXku9nUxTrz9bwb+bYSqRRq7K
7IEqTTLyrq/a8pHBvBz86+Zn0nvOqQTnGW0O3vQORO4+dMUBoL5DRCC9B3eK3NfB
hNcSUuC1aChqiLTlik0hmuwK5UxyPdSDn56jAFA3aBS0ArNp5lUCim/WbuAFDGy+
jy2kwYj2dlcvV/h7larptqbMTw3mkymv4sgWVjE9FcuwuqYDtcFZo8oTd2/pqyZC
zVUgcihwPTGdtPd2yYGzyPcyi2OrlVYCcWxpDf1ePRV5bRVTF4PA5uHvBjtFb6vr
YLcZkkcLSCpVMB3rP8eWlUp5tSbqCAt7l2wr6Zy9Ul4PNXTtGS9IX1y456mZlZLP
p3Oip8KHbmcH85WjJBw2HN6ECb8CJYKleCTbP9CoZBGBaBc48Qg/mAhi98cvX58b
Z9BAM1duW3JDAbx7yV1CXpaDaXLfkv71aPv/CqZC4TIi0htMHWjysLMtt/9b8hR4
oiz7HILVWGjvaIzGScEqOK3XumvHz5XDG2LmwcPVJ0oWCGQVfRI=
=pzZt
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4635-1] proftpd-dfsg security update, Salvatore Bonaccorso, 26.02.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang