ELBA-2021-17116
- ULN >
- Oracle Linux Errata repository >
- ELBA-2021-17116
ELBA-2021-17116 - proftpd Bug Fix update
| Type: | BUG |
| Severity: | NA |
| Release Date: | 2021-09-17 |
Description
[1.3.5e-11]
- Fix memory disclosure to RADIUS servers by mod_radius (#2001690)
https://github.com/proftpd/proftpd/issues/1284
https://github.com/proftpd/proftpd/pull/1285
[1.3.5e-10]
- Fix null pointer dereference for invalid SCP command by passing the
correct argument count to getopt(3)
https://github.com/proftpd/proftpd/issues/1043
https://github.com/proftpd/proftpd/pull/1044
https://bugzilla.redhat.com/show_bug.cgi?id=1878869
[1.3.5e-9]
- Fix use-after-free vulnerability in memory pools during data transfer
(CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903)
- mod_sftp: When handling the 'keyboard-interactive' authentication mechanism,
as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE,
DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253
http://bugs.proftpd.org/show_bug.cgi?id=4385
[1.3.5e-8]
- Fix handling of CRL lookups by properly using issuer for lookups, and
guarding against null pointers (GH#858, GH#859, GH#860, GH#861,
CVE-2019-19269, CVE-2019-19270, CVE-2019-19271, CVE-2019-19272)
[1.3.5e-7]
- Fix build compatibility with MySQL 8 (#1764401)
https://github.com/proftpd/proftpd/issues/824
https://github.com/proftpd/proftpd/pull/825
[1.3.5e-6]
- Fixed pre-authentication remote denial-of-service issue
(CVE-2019-18217, https://github.com/proftpd/proftpd/issues/846)
[1.3.5e-5]
- An arbitrary file copy vulnerability in mod_copy in ProFTPD allowed for
remote code execution and information disclosure without authentication
(CVE-2019-12815)
http://bugs.proftpd.org/show_bug.cgi?id=4372
https://github.com/proftpd/proftpd/pull/816
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | proftpd-1.3.5e-11.el7.src.rpm | 11b666a91d1bfd3244d8d268bf956a18 | - |
| proftpd-1.3.5e-11.el7.aarch64.rpm | f6395f894952c3d847c2ea2f9e5b883c | - | |
| proftpd-devel-1.3.5e-11.el7.aarch64.rpm | c75c3c9a938e3026517ac4e1e3e77ff9 | - | |
| proftpd-ldap-1.3.5e-11.el7.aarch64.rpm | fa975bdf02bfb063973a26f983c071db | - | |
| proftpd-mysql-1.3.5e-11.el7.aarch64.rpm | b6acb66a661fb1adcd6f5d731c39d199 | - | |
| proftpd-postgresql-1.3.5e-11.el7.aarch64.rpm | 0aa98b4f2aaa1a4129a4259401183337 | - | |
| proftpd-sqlite-1.3.5e-11.el7.aarch64.rpm | 8c572990b6b5e9bea83dad8c31dd35a9 | - | |
| proftpd-utils-1.3.5e-11.el7.aarch64.rpm | 0a05707b92ee8b2610957fbbd13c13bf | - | |
| Oracle Linux 7 (x86_64) | proftpd-1.3.5e-11.el7.src.rpm | 11b666a91d1bfd3244d8d268bf956a18 | - |
| proftpd-1.3.5e-11.el7.x86_64.rpm | d66f069be96991b34a104e44a6281dd3 | - | |
| proftpd-devel-1.3.5e-11.el7.x86_64.rpm | 62cee1ed3d6d17c319301e84479dde7f | - | |
| proftpd-ldap-1.3.5e-11.el7.x86_64.rpm | 896e70b56ff813ae18d9eab03894f240 | - | |
| proftpd-mysql-1.3.5e-11.el7.x86_64.rpm | 8607a120819a964c2678086b1546b907 | - | |
| proftpd-postgresql-1.3.5e-11.el7.x86_64.rpm | 6724a37758513ca35fecffe754d9d8af | - | |
| proftpd-sqlite-1.3.5e-11.el7.x86_64.rpm | b19015146a8f8c9d52da20caa7bfd067 | - | |
| proftpd-utils-1.3.5e-11.el7.x86_64.rpm | f3a91248705949d1c712e9d3a5780676 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
