- ------------------------------------------------------------------------
Debian Security Advisory DSA-1925-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
October 31, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : proftpd-dfsg
Vulnerability  : insufficient input validation
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-3639

It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,
does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 client certificate, when the
dNSNameRequired TLS option is enabled. Because the dNSName value is
handled as a NUL-terminated string rather than as a length-delimited
ASN.1 value, a certificate whose dNSName reads, for example,
"trusted.example\0.attacker.example" is compared as if it were
"trusted.example". A client presenting such a certificate may therefore
pass the dNSNameRequired check for a host name it does not legitimately
hold.
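The following C program is an added illustration of the defect class described above; it is not proftpd's source code and not part of this advisory. It models a decoded SubjectAltName dNSName as a length-delimited byte string (the shape OpenSSL's ASN1_STRING has), shows a check that treats the value as a C string and is fooled by an embedded NUL, and then the length-aware check that rejects it. The host names, the struct type and the function names are assumptions made for the example; the certificate data is constructed, not taken from a real certificate.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for a decoded SubjectAltName dNSName (an ASN.1 IA5String).
 * DER carries an explicit length, and nothing prevents the encoded bytes
 * from containing '\0'. OpenSSL's ASN1_STRING has the same shape.
 */
typedef struct {
    const unsigned char *data;
    size_t length;              /* length taken from the DER encoding */
} san_dnsname_t;

/* Constructed sample values (hypothetical, not from a real certificate). */
static const unsigned char honest_bytes[] = "trusted.example";
static const unsigned char forged_bytes[] = "trusted.example\0.attacker.example";

/* sizeof(...) - 1 drops the literal's own terminator, so the embedded NUL
   in forged_bytes is counted as part of the DER value (33 bytes). */
const san_dnsname_t honest_san = { honest_bytes, sizeof(honest_bytes) - 1 };
const san_dnsname_t forged_san = { forged_bytes, sizeof(forged_bytes) - 1 };

/* DNS names compare case-insensitively. */
static bool equal_nocase(const unsigned char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower(a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/*
 * Vulnerable check: the DER value is treated as a C string, so strlen()
 * stops at the first '\0' and everything after it is never compared.
 * This is the defect class behind CVE-2009-3639 (illustrative code only).
 */
bool dnsname_matches_vulnerable(const san_dnsname_t *san, const char *expected)
{
    size_t seen = strlen((const char *)san->data);   /* BUG: truncates at NUL */
    return seen == strlen(expected) && equal_nocase(san->data, expected, seen);
}

/*
 * Hardened check: every byte of the DER value must be accounted for.
 *  1. A dNSName is IA5String; a NUL byte is never legitimate, so reject it
 *     outright. With OpenSSL the tell-tale is strlen() of the string data
 *     differing from ASN1_STRING_length().
 *  2. Compare against the full DER length, not the C-string length.
 */
bool dnsname_matches_fixed(const san_dnsname_t *san, const char *expected)
{
    if (memchr(san->data, '\0', san->length) != NULL)
        return false;
    size_t explen = strlen(expected);
    if (san->length != explen)
        return false;
    return equal_nocase(san->data, expected, explen);
}

int main(void)
{
    const char *host = "trusted.example";   /* name the server expects */
    printf("forged cert, vulnerable check: %s\n",
           dnsname_matches_vulnerable(&forged_san, host) ? "ACCEPTED" : "rejected");
    printf("forged cert, fixed check     : %s\n",
           dnsname_matches_fixed(&forged_san, host) ? "ACCEPTED" : "rejected");
    printf("honest cert, fixed check     : %s\n",
           dnsname_matches_fixed(&honest_san, host) ? "accepted" : "REJECTED");
    return 0;
}
```

The vulnerable path accepts the forged certificate because the comparison never sees the bytes after the NUL; the fixed path rejects it on the NUL alone and would also reject it on the length mismatch. The same rule applies to any name pulled out of a certificate (CN, dNSName, rfc822Name): compare the decoded length, never trust a C-string view of DER data.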


For the stable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny4.

For the oldstable distribution (etch), this problem has been fixed in
version 1.3.0-19etch3.

Binaries for the amd64 architecture will be released once they are
available.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.3.2a-2.


We recommend that you upgrade your proftpd-dfsg packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:  1905969 38528feb0ffb9bd88db6f175d6020b8d
      Size/MD5 checksum:      872 0bd9359e5bf664360be0c144225649b2

Architecture independent packages:

      Size/MD5 checksum:   162748 5608f61ea367720d306635309b85d6bc
      Size/MD5 checksum:   162748 e16562c92cdc0f0c344ded50f5916d36
      Size/MD5 checksum:   162752 98b538acf18e6c6a7fedfcaab1a35dee
      Size/MD5 checksum:   492828 eb6950dbd7f5a48fea262fa373224d01

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   997748 b6db8df62a1a19529b8a75cd3965c61c

arm architecture (ARM)

      Size/MD5 checksum:   803396 01f586c57a9df10f764b1250182aaf4a

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   936038 662b6032362df105994979458344e4c5

i386 architecture (Intel ia32)

      Size/MD5 checksum:   798022 44f0f80e230c4f86e12daf20129ec636

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  1188390 9e68db2aa07f4f477e050f961e766bd5

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   856696 0a9f117d838b1b612d05c88ac76caed4

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   856038 3b04229098a901c9b4de298443af7aff

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   830844 08971c1104010e23c01d52b343b11f56

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     1349 825576201541f76cbc1dcab44bae9e61
      Size/MD5 checksum:   103691 8b4252ad95f772b66b7dd06d60a1bfa6
      Size/MD5 checksum:  2662056 da40b14c5b8ec5467505c98b4ee4b7b9

Architecture independent packages:

      Size/MD5 checksum:  1256500 001a1754365940758a4ec97ead34fb34
      Size/MD5 checksum:   195088 1951485bf96a4a688495c5ebfa050749

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   215366 e95e97a49984acf80828d18da59c72e9
      Size/MD5 checksum:   783554 921f2efef6cc2fc8688bcbb6ca9d8b59
      Size/MD5 checksum:   204746 ab8e55b37a646a496bb122e32d90b067
      Size/MD5 checksum:   204640 5e3dc3781500c2c5a577e39ec4446d75

arm architecture (ARM)

      Size/MD5 checksum:   214036 187789bcd2eb7d18e6ff207b296011db
      Size/MD5 checksum:   203356 c6ac828e324d4cd79675d893b2b9af4c
      Size/MD5 checksum:   203202 465de4f3bc6b6532208a22ba96a2a7f9
      Size/MD5 checksum:   699814 f463140d95df55d8cd301c567878e397

armel architecture (ARM EABI)

      Size/MD5 checksum:   213884 8b1501c1cfa5a61c6af8ca3c121dddda
      Size/MD5 checksum:   705542 f03e97c4a517b1b44af58eeba70d9db3
      Size/MD5 checksum:   203634 68c067db2619d26b9544688d1e9e7e8b
      Size/MD5 checksum:   203526 43efcc97292d5d0545748c6210a32689

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   216732 a718ff67e4b488ef3052e6a1045c89f5
      Size/MD5 checksum:   764824 fe6033f5797b6a163ed8ce552eb7182a
      Size/MD5 checksum:   205296 a675af7ef1807e1e7f8cdacabf28a9c9
      Size/MD5 checksum:   205144 3644789a8d2e181cfdac74a2a80ac85e

i386 architecture (Intel ia32)

      Size/MD5 checksum:   203274 aaebf117359a3d9da24ad44d54b92370
      Size/MD5 checksum:   203216 0b22db02bddba0d783049e83311526a5
      Size/MD5 checksum:   688914 f7088094d696ab673f9e91631adc3bb6
      Size/MD5 checksum:   212408 262af8522ecd16b57c11af409db528cb

ia64 architecture (Intel ia64)

      Size/MD5 checksum:   980974 8ab9bfd7088b9740a27a54760059b3e9
      Size/MD5 checksum:   222164 3ac1225c263d2678563fe0fa63a37cde
      Size/MD5 checksum:   207428 c2a8edc2d5f2943034ccadf0c6d67c21
      Size/MD5 checksum:   207274 0c4d9685cfe8479fcb24ef7eb86f301d

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   212246 f90b614ab734af4e75cb15d45d7571bd
      Size/MD5 checksum:   691796 c2caa9adce6dd3d44c53a91e6c7b7e88
      Size/MD5 checksum:   203262 f4947609b2a1e3b1016ff6a9b7c21d4c
      Size/MD5 checksum:   203344 27701f545ffd35ec7fccf456a91a34ce

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   203266 566d885e4619eae83a3986cac1a28ad7
      Size/MD5 checksum:   203412 62a1ae565c42e326ae2a129add355155
      Size/MD5 checksum:   689126 f87ca4149400a5ac5bc3e17f149170b8
      Size/MD5 checksum:   211804 6a32fca4e5b5cb68821670a0f59aa5ad

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   203744 e11aedfb13f8c65a7866b3aa35a35780
      Size/MD5 checksum:   701992 1bb07d6070f54a0f84d237bb353c1149
      Size/MD5 checksum:   203486 583c76972206a115b83c6af5f700727a
      Size/MD5 checksum:   213718 59f82a39914654ba2a32ce50613dc83a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Debian: DSA-1925-1: New proftpd-dfsg packages fix SSL certificate verification weakness

November 1, 2009