AnNyung Official Homepage Home > Update [ 1.3 ]  

proftpd security update
FTP access is not possible with a web browser.

Document number: 1302610873
Updated: 2011.04.12


Details

1.3.3e-1 update

- KR user group patch
- Bug 3757 - Process privileges may not be handled properly when
  --enable-autoshadow is used.
- Bug 3544 - mod_sftp closes channel too early after scp download. This
  manifests as "lost connection" using OpenSSH's scp(1).
- Bug 3579 - mod_sftp_pam may tell client to disable echoing erroneously.
- Bug 3586 - mod_sftp behaves badly when receiving badly formed SSH messages.
- Bug 3593 - Using " " in prxs does not work for all shells.
- Bug 3538 - WrapAllowMsg directive broken due to Bug#3423.
- Bug 3607 - SocketOptions receive/send buffer size parameters no longer work.
- Bug 3606 - mod_wrap2 needs to support netmask rules for IPv6 addresses.
- Bug 3612 - APPE/STOU upload flags erroneously preserved across upload
  commands.
- Bug 3614 - Malicious module can use sreplace() function to overflow buffer.
- Bug 3619 - Exiting sessions don't seem to die properly.
- Bug 3622 - mod_delay sometimes logs "unable to load DelayTable into memory".
- Bug 3624 - Plaintext command injection in FTPS support.
- Bug 3625 - mod_ifsession rules using regular expressions do not work.
- Bug 3623 - Truncated client name saved in ScoreboardFile.
- Bug 3627 - %w variable populated with non-absolute path in SQLLog statement.
- Bug 3628 - Unnecessarily verbose "warning: unable to throttle bandwidth:
  Interrupted system call".
- Bug 3630 - SSH DISCONNECT messages sent by mod_sftp even for FTP connections
  in some cases. (CVE-2011-1137)
- Bug 3632 - mod_sql should log "unrecoverable database error" at a higher
  priority.
- Bug 3610 - Proftpd is eating CPU when reparsing configuration file on SIGHUP.
- Bug 3634 - Incorrect generation of DSA signature for SSH sessions.

. Security Issue

CVE-2011-1137
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and
earlier allows remote attackers to cause a denial of service (memory
consumption leading to OOM kill) via a malformed SSH message.
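
The bug class named in this CVE description, shown on SSH binary packet framing (RFC 4253 section 6) as an added example: a length derived from peer-supplied header fields wraps around and becomes an oversized allocation request unless both fields are validated first. This is not ProFTPD's mod_sftp code or its fix; the function names, the limits used as hard caps and the sample headers are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* RFC 4253 section 6 limits, used here as hard caps (assumption). */
#define SSH_MAX_PACKET_LEN 35000u  /* total size every peer must accept */
#define SSH_MIN_PACKET_LEN 12u     /* 16-byte minimum packet minus the 4-byte length field */
#define SSH_MIN_PADDING    4u

enum ssh_hdr_status { SSH_HDR_OK, SSH_HDR_SHORT, SSH_HDR_BAD_LENGTH, SSH_HDR_BAD_PADDING };

/* Unchecked form: payload = packet_length - padding_length - 1.
 * If padding_length >= packet_length the unsigned subtraction wraps and
 * the "payload size" handed to the allocator is close to 4 GiB. */
uint32_t ssh_payload_len_unchecked(uint32_t packet_len, uint8_t padding_len) {
    return packet_len - (uint32_t)padding_len - 1u;
}

/* Checked form: validate both peer-controlled fields before any
 * arithmetic or allocation; *payload_len is written only on SSH_HDR_OK. */
enum ssh_hdr_status ssh_parse_header(const uint8_t *buf, size_t n, uint32_t *payload_len) {
    if (n < 5)
        return SSH_HDR_SHORT;
    uint32_t packet_len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                          ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    uint8_t padding_len = buf[4];
    if (packet_len < SSH_MIN_PACKET_LEN || packet_len > SSH_MAX_PACKET_LEN)
        return SSH_HDR_BAD_LENGTH;
    if (padding_len < SSH_MIN_PADDING || (uint32_t)padding_len > packet_len - 1u)
        return SSH_HDR_BAD_PADDING;
    *payload_len = packet_len - (uint32_t)padding_len - 1u;
    return SSH_HDR_OK;
}

int main(void) {
    /* Constructed sample headers: uint32 packet_length, byte padding_length. */
    const uint8_t good[5]    = {0x00, 0x00, 0x00, 0x0c, 0x04};
    const uint8_t bad_pad[5] = {0x00, 0x00, 0x00, 0x0c, 0xc8};
    const uint8_t huge[5]    = {0xff, 0xff, 0xff, 0xff, 0x04};
    uint32_t len = 0;
    printf("unchecked(4, 200) = %u\n", (unsigned)ssh_payload_len_unchecked(4, 200));
    printf("good    -> %d\n", ssh_parse_header(good, sizeof good, &len));
    printf("bad_pad -> %d\n", ssh_parse_header(bad_pad, sizeof bad_pad, &len));
    printf("huge    -> %d\n", ssh_parse_header(huge, sizeof huge, &len));
    return 0;
}
```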


Autoupdates support: supported
  pkgsysupdate
  pkgadd -F proftpd-devel


Update packages

  RPMS :

    . proftpd-1.3.3e-1.i686.rpm
    . proftpd-devel-1.3.3e-1.i686.rpm

  SRPMS :

    . proftpd-1.3.3e-1.src.rpm


References:
http://bugs.proftpd.org/show_bug.cgi?id=3586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137



    




Copyright 2013 OOPS Development Organization 
LAST MODIFIED: 2013/02/16