proftpd 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1302610873
업데이트 : 2011.04.12
상세내용
1.3.3e-1 업데이트
- KR user group patch
- Bug 3757 - Process privileges may not handled properly when
--enable-autoshadow is used.
- Bug 3544 - mod_sftp closes channel too early after scp download. This
manifests as "lost connection" using OpenSSH's scp(1).
- Bug 3579 - mod_sftp_pam may tell client to disable echoing erroneously.
- Bug 3586 - mod_sftp behaves badly when receiving badly formed SSH messages.
- Bug 3593 - Using " " in prxs does not work for all shells.
- Bug 3538 - WrapAllowMsg directive broken due to Bug#3423.
- Bug 3607 - SocketOptions receive/send buffer size parameters no longer work.
- Bug 3606 - mod_wrap2 needs to support netmask rules for IPv6 addresses.
- Bug 3612 - APPE/STOU upload flags erroneously preserved across upload
commands.
- Bug 3614 - Malicious module can use sreplace() function to overflow buffer.
- Bug 3619 - Exiting sessions don't seem to die properly.
- Bug 3622 - mod_delay sometimes logs "unable to load DelayTable into memory".
- Bug 3624 - Plaintext command injection in FTPS support.
- Bug 3625 - mod_ifsession rules using regular expressions do not work.
- Bug 3623 - Truncated client name saved in ScoreboardFile.
- Bug 3627 - %w variable populated with non-absolute path in SQLLog statement.
- Bug 3628 - Unnecessarily verbose "warning: unable to throttle bandwidth:
Interrupted system call".
- Bug 3630 - SSH DISCONNECT messages sent by mod_sftp even for FTP connections
in some cases. (CVE-2011-1137)
- Bug 3632 - mod_sql should log "unrecoverable database error" at a higher
priority.
- Bug 3610 - Proftpd is eating CPU when reparsing configuration file on SIGHUP.
- Bug 3634 - Incorrect generation of DSA signature for SSH sessions.
. Security Issue
CVE-2011-113
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and
earlier allows remote attackers to cause a denial of service (memory
consumption leading to OOM kill) via a malformed SSH message.
Autoupdates 지원 : 지원
pkgsysupdate
pkgadd -F proftpd-devel
update 패키지
RPMS :
. proftpd-1.3.3e-1.i686.rpm
. proftpd-devel-1.3.3e-1.i686.rpm
SRPMS :
. proftpd-1.3.3e-1.src.rpm
참고 :
http://bugs.proftpd.org/show_bug.cgi?id=3586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
|