ELBA-2026-65539
- ULN >
- Oracle Linux Errata repository >
- ELBA-2026-65539
ELBA-2026-65539 - proftpd Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2026-05-12 |
Description
[1.3.9a-1]
- Update to 1.3.9a
- SCP transfers failed for files with spaces in their names (GH#1886)
- LDAPDefaultGID ignored since 1.3.9 (GH#1898)
- Compilation of mod_wrap2 failed when the --enable-wrapper-options configure
option was used (Bug #4512)
- mod_sftp failed to parse authorized user/host public keys with CRLF line
endings (GH#1904)
- Uploads using MODE Z sometimes resulted in corrupted files or broken
transfers (GH#1896)
- Remove usage of the deprecated MySQL_OPT_RECONNECT option for newer MySQL
versions (GH#1911)
- Update usage of MySQL API for SSL/TLS connections to server (GH#340)
- mod_sftp leaked file descriptor when reading SFTPHostKey file (GH#1959)
- Large/slow SCP downloads could be unnecessarily truncated by TimeoutStalled
(GH#1964)
- Handling of CRLs in mod_tls was incorrect, leading to confusing errors
(GH#1960)
- Resumed SSL_SESSION management in mod_tls lead to memory growth, infinite
loop using newer OpenSSL versions (GH#1963)
- mod_quotatab_ldap interactions could lead to segfault due to stale pointer
(GH#1984)
- RNTO before authentication lead to out-of-order response codes (GH#2003)
- MaxLoginAttemptsFromUser event never triggered in mod_ban for SFTP sessions
(GH#2009)
- Using toupper(3) on non-ASCII FTP command bytes might cause remote DoS
(GH#2019)
- Out-of-bounds single byte read when FTP command input buffer starts with LF
(GH#2020)
- FTP command LIST/NLST -B could cause buffer overflow when listing certain
crafted filenames (GH#2030)
- Memory exhaustion with mod_log_forensic when downloading very large files
via SFTP (GH#2043)
- Setting process groups during authentication crashed when using mod_radius
and
- SQL injection possible via mod_sql because of is_escaped_text() logic error
(GH#2052, CVE-2026-42167)
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 10 (x86_64) | proftpd-1.3.9a-1.el10_1.src.rpm | 214bc0583dac8fb06d94045ab9dacd211b4eaf202a6c14f9581fb5e5e640db21 | - | ol10_x86_64_u1_developer_EPEL |
| proftpd-1.3.9a-1.el10_1.x86_64.rpm | f8291870cd72677ed070241b7006218bd1c5ef9745fdbf4b21f13899b3bc0875 | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-devel-1.3.9a-1.el10_1.x86_64.rpm | 1d21f7d8952627754df5254f20e420b8a46cef2c6f6ff455b25db41e350d433e | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-ldap-1.3.9a-1.el10_1.x86_64.rpm | 0bfb926b7cdb4fc0ef169a4b71bc2801a8add0fd82c69e523390bdf8cfcd06f3 | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-mysql-1.3.9a-1.el10_1.x86_64.rpm | 8360abc0438a3b628feb851e50875452edf6bfe68792fb6385cc7cda4e9633e1 | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-postgresql-1.3.9a-1.el10_1.x86_64.rpm | f44f8de03649183dc7b81058b91ddfd3efa632b7f34ffb640226ffaf301ee253 | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-proxy-1.3.9a-1.el10_1.x86_64.rpm | 7e2fee4c219a92dce83d9aa128fd1b76c258d1bf7ea18414622ed17326e2ab1a | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-sqlite-1.3.9a-1.el10_1.x86_64.rpm | b316d18c3f2e1ec9505ba9c297e8e4bb90349c4934239b72fd416b4abb5a61d3 | - | ol10_x86_64_u1_developer_EPEL | |
| proftpd-utils-1.3.9a-1.el10_1.x86_64.rpm | fbff199000365f78b000778ac869e8228c830146501ca278f53388a9aa865863 | - | ol10_x86_64_u1_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
