ELSA-2008-0295

ELSA-2008-0295 - vsftpd security and bug fix update

Type:SECURITY
Severity:LOW
Release Date:2008-05-30

Description


[2.0.5-12]
- fix CVE-2007-5962: vsftpd memory leak when deny_file option is set
- Resolves: #423001

[2.0.5-11]
- add new option to log login failures based on user list
- Resolves: #345791
- fix user_config_dir option
- Resolves: #400921
- allow usernames starting with '_' or '.'
- Resolves: #386561
- fix the write/race condition when uploading files simultaneously
- Resolves: #240553
- fix the bug that causes every new file stored with STOU to have a prefix '.1'
- Resolves: #392231
- make vsftpd wildcard matching more greedy
- Resolves: #392181


Related CVEs


CVE-2007-5962

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) vsftpd-2.0.5-12.el5.src.rpm252641d0bc9350ab8986bea842b17e07ELBA-2012-0537
vsftpd-2.0.5-12.el5.i386.rpm50f5a5661fad26576f81d8d44bb501fbELBA-2012-0537
Oracle Linux 5 (x86_64) vsftpd-2.0.5-12.el5.src.rpm252641d0bc9350ab8986bea842b17e07ELBA-2012-0537
vsftpd-2.0.5-12.el5.x86_64.rpmf376be1cd65c92ede071aa70c3e3fb26ELBA-2012-0537



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete