ELSA-2008-0295

ELSA-2008-0295 - vsftpd security and bug fix update

Type:	SECURITY
Impact:	LOW
Release Date:	2008-05-30

Description

[2.0.5-12]
- fix CVE-2007-5962: vsftpd memory leak when deny_file option is set
- Resolves: #423001

[2.0.5-11]
- add new option to log login failures based on user list
- Resolves: #345791
- fix user_config_dir option
- Resolves: #400921
- allow usernames starting with '_' or '.'
- Resolves: #386561
- fix the write/race condition when uploading files simultaneously
- Resolves: #240553
- fix the bug that causes every new file stored with STOU to have a prefix '.1'
- Resolves: #392231
- make vsftpd wildcard matching more greedy
- Resolves: #392181

Related CVEs

CVE-2007-5962

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 5 (i386)	vsftpd-2.0.5-12.el5.src.rpm	5d84e6ea3af7e6ae6b4c39755761bec41f7393f382a4f4f65c5426529a55e7fb	ELBA-2012-0537	el5_u2_i386_base
	vsftpd-2.0.5-12.el5.src.rpm	5d84e6ea3af7e6ae6b4c39755761bec41f7393f382a4f4f65c5426529a55e7fb	ELBA-2012-0537	el5_u3_i386_base
	vsftpd-2.0.5-12.el5.i386.rpm	85504e2ff2645125fc46dc525d6e312a3d8126bbf3cc0aa032ee334ba6f6c468	ELBA-2012-0537	el5_u2_i386_base
	vsftpd-2.0.5-12.el5.i386.rpm	85504e2ff2645125fc46dc525d6e312a3d8126bbf3cc0aa032ee334ba6f6c468	ELBA-2012-0537	el5_u3_i386_base
Oracle Linux 5 (x86_64)	vsftpd-2.0.5-12.el5.src.rpm	5d84e6ea3af7e6ae6b4c39755761bec41f7393f382a4f4f65c5426529a55e7fb	ELBA-2012-0537	el5_u2_x86_64_base
	vsftpd-2.0.5-12.el5.src.rpm	5d84e6ea3af7e6ae6b4c39755761bec41f7393f382a4f4f65c5426529a55e7fb	ELBA-2012-0537	el5_u3_x86_64_base
	vsftpd-2.0.5-12.el5.x86_64.rpm	6f663e47f7e073268be2ba4dab636bf627c452cbdf8d7f9e2a310050d587e293	ELBA-2012-0537	el5_u2_x86_64_base
	vsftpd-2.0.5-12.el5.x86_64.rpm	6f663e47f7e073268be2ba4dab636bf627c452cbdf8d7f9e2a310050d587e293	ELBA-2012-0537	el5_u3_x86_64_base

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team