Linux Security
    Linux Security
    Linux Security

    Debian: New gftp packages fix directory traversal vulnerability

    Date 17 Feb 2005
    5996
    Posted By Joe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 686-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                             Martin Schulze
    February 17th, 2005                     https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : gftp
    Vulnerability  : missing input sanitising
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2005-0372
    
    Albert Puigsech Galicia discovered a directory traversal vulnerability
    in a proprietary FTP client (CAN-2004-1376) which is also present in
    gftp, a GTK+ FTP client.  A malicious server could provide a specially
    crafted filename that could cause arbitrary files to be overwritten or
    created by the client.
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.0.11-1woody1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.0.18-1.
    
    We recommend that you upgrade your gftp package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.dsc
          Size/MD5 checksum:      631 980555d208281b3ac35069dd0119f98c
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.diff.gz
          Size/MD5 checksum:     2760 15eff6342db5e2f2bee5c262618cf642
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11.orig.tar.gz
          Size/MD5 checksum:   896320 3c63b5eed2faffe820bace112be2db8a
    
      Alpha architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_alpha.deb
          Size/MD5 checksum:    27350 39764c5e34ef08fce49bf59f887a0afa
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_alpha.deb
          Size/MD5 checksum:   234078 359126a5f2d1da940f1b6000c7ab9752
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_alpha.deb
          Size/MD5 checksum:   252376 56405294ce7a01e84976c8fc6683f544
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_alpha.deb
          Size/MD5 checksum:    86296 8ac8f60d39cf4c3db57dd04df0b11a53
    
      ARM architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_arm.deb
          Size/MD5 checksum:    27360 9fea83142508e1b6c2790016c3395ca0
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_arm.deb
          Size/MD5 checksum:   234120 a4760d5de60e0a4a04be1c8dc75ec264
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_arm.deb
          Size/MD5 checksum:   226588 71fb1b6d6603d5967c6714e7ca33f389
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_arm.deb
          Size/MD5 checksum:    73906 60c748df56cbef3944079654553497ea
    
      Intel IA-32 architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_i386.deb
          Size/MD5 checksum:    27312 10aec83a3257a3bc22739e6087bc6ef2
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_i386.deb
          Size/MD5 checksum:   234056 57459c25bd9f96bd6f26e566468856ba
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_i386.deb
          Size/MD5 checksum:   219792 98beb285ca804a8fbbed4498a54268ff
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_i386.deb
          Size/MD5 checksum:    68360 f8fa329a81404c4d5392c285e50a5505
    
      Intel IA-64 architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_ia64.deb
          Size/MD5 checksum:    27348 6f32e2cb005ffe56e2803b860e0e4d74
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_ia64.deb
          Size/MD5 checksum:   234044 a2c3ff641d7b2e880456f1a8868b33fe
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_ia64.deb
          Size/MD5 checksum:   299582 b7c2e1ea7228f461235666d932361551
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_ia64.deb
          Size/MD5 checksum:   110640 26995f700b8389fd9aad5b368f5faf7c
    
      HP Precision architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_hppa.deb
          Size/MD5 checksum:    27358 07b2d426543fd686ad3380e8bcd4805f
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_hppa.deb
          Size/MD5 checksum:   234094 322189d295ba47c91d2061309fa6a9fa
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_hppa.deb
          Size/MD5 checksum:   242482 44bb85b863ae217f2575835877041d4a
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_hppa.deb
          Size/MD5 checksum:    82608 e31d810b73f571088cc837958d7a2796
    
      Motorola 680x0 architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_m68k.deb
          Size/MD5 checksum:    27358 faf8af474984da98e9d6f98f0918a261
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_m68k.deb
          Size/MD5 checksum:   234106 a8b2e05b710887903feed817016f5f97
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_m68k.deb
          Size/MD5 checksum:   210554 7a532d25cb6840e69f97647b08d619c0
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_m68k.deb
          Size/MD5 checksum:    64032 983b93b4e2aac1922e97a193220e18d4
    
      Big endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mips.deb
          Size/MD5 checksum:    27362 103f10d9ae47826ee1957d14d556a46f
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mips.deb
          Size/MD5 checksum:   234114 0667ca7e24f987e6002955093df95537
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mips.deb
          Size/MD5 checksum:   224722 0bdb6399f56a1cc4819c3ab883a53a68
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mips.deb
          Size/MD5 checksum:    77184 26288b5af19513a0cf09bd82ca7b9336
    
      Little endian MIPS architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mipsel.deb
          Size/MD5 checksum:    27372 43c94486400ca12254c554cb4650fe01
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mipsel.deb
          Size/MD5 checksum:   234188 94df73bb1fe62d21a665ee80380db772
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mipsel.deb
          Size/MD5 checksum:   224648 210416ce87866bab58f2b2c390f52ece
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mipsel.deb
          Size/MD5 checksum:    77994 e1803d086deb47d61f2f79b62e22913e
    
      PowerPC architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_powerpc.deb
          Size/MD5 checksum:    27356 6426c00ec3364f72f0ec9481e5e89bb5
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_powerpc.deb
          Size/MD5 checksum:   234082 35a1396d45c42ee5b34045c23ae34b05
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_powerpc.deb
          Size/MD5 checksum:   227890 8fb52949c02dc3c8a8bf39c86814da9b
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_powerpc.deb
          Size/MD5 checksum:    73356 8eba2f163e75f0716879c0320442c246
    
      IBM S/390 architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_s390.deb
          Size/MD5 checksum:    27352 6e71f2937c2db84ed950583237308504
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_s390.deb
          Size/MD5 checksum:   234104 85637cf1e6794969be0cc35b6478f95b
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_s390.deb
          Size/MD5 checksum:   219246 1f4647d19f593d958c5653e1a6515c2d
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_s390.deb
          Size/MD5 checksum:    68090 f0a4483365820c67a7d875b21bc81734
    
      Sun Sparc architecture:
    
        https://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_sparc.deb
          Size/MD5 checksum:    27356 f734ad981e036daed46044b6bd12f236
        https://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_sparc.deb
          Size/MD5 checksum:   234102 4d9c016c8daefd7b20aefa37a193a6ce
        https://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_sparc.deb
          Size/MD5 checksum:   226774 e04c114438c2788155e43c6c32eb4683
        https://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_sparc.deb
          Size/MD5 checksum:    74910 88a25c71729495ccbebaf4c98eee102d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"17","type":"x","order":"1","pct":3.32,"resources":[]},{"id":"159","title":"False","votes":"495","type":"x","order":"2","pct":96.68,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.