Linux Security
    Linux Security
    Linux Security

    Debian: New proftpd packages fix format string vulnerability

    Date
    5329
    Posted By
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 795-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                              Michael Stone
    September 1st, 2005                     https://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : proftpd
    Vulnerability  : potential code execution
    Problem-Type   : format string error
    Debian-specific: no
    CVE ID         : CAN-2005-2390
    
    infamous42md reported that proftpd suffers from two format string
    vulnerabilities. In the first, a user with the ability to create a
    directory could trigger the format string error if there is a
    proftpd shutdown message configured to use the "%C", "%R", or "%U"
    variables. In the second, the error is triggered if mod_sql is used
    to retrieve messages from a database and if format strings have been
    inserted into the database by a user with permission to do so.
    
    The old stable distribution (woody) is not affected by these
    vulnerabilities.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.2.10-15sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.2.10-20.
    
    We recommend that you upgrade your proftpd package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
          Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.dsc
          Size/MD5 checksum:      897 1a728465d7d40d224e457809a06bc99c
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.diff.gz
          Size/MD5 checksum:   127095 88f227abf247ed988fc35203d4108802
    
      Architecture independent packages:
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge1_all.deb
          Size/MD5 checksum:   417460 ffde86a53bcc329f806d1014478730d0
    
      alpha architecture (DEC Alpha)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_alpha.deb
          Size/MD5 checksum:   444400 f07ac7db8a9c2745de8f9cab76cdb3c4
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_alpha.deb
          Size/MD5 checksum:   457288 92100f9ba762c52d715c1f56f51f70a1
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_alpha.deb
          Size/MD5 checksum:   476538 dc6f68d4dec57fb3646e15ca98e78d4a
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_alpha.deb
          Size/MD5 checksum:   200800 ac5d323b2501c4396afd80ef0fb15c7f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_alpha.deb
          Size/MD5 checksum:   476842 5caa3a66575ae253d0ce1df399d2c145
    
      amd64 architecture (AMD x86_64 (AMD64))
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_amd64.deb
          Size/MD5 checksum:   194542 dff3b3414b99189ea8a9f8d119109d47
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_amd64.deb
          Size/MD5 checksum:   388576 e197f0eb6340706bb998872c0ea32949
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_amd64.deb
          Size/MD5 checksum:   415108 906cf04f3eed0c5164f71bc22b6b7e01
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_amd64.deb
          Size/MD5 checksum:   414970 a7baba4ba0bdd13548e6e28c4825a83f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_amd64.deb
          Size/MD5 checksum:   399826 a026b6c75ea587df68fbd1466adc1a2d
    
      arm architecture (ARM)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_arm.deb
          Size/MD5 checksum:   188762 0740654ff6aedc7e96a8c3dfbbd2d315
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_arm.deb
          Size/MD5 checksum:   384080 1befd34e95a59132a071e3f9954eb6c4
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_arm.deb
          Size/MD5 checksum:   398882 f4d78c3f50080f238407945718b45567
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_arm.deb
          Size/MD5 checksum:   373788 bf67d85da87abfe27c7bf42cf2833b91
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_arm.deb
          Size/MD5 checksum:   398776 b25b17e7f6bf86234865896bafa84678
    
      hppa architecture (HP PA RISC)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_hppa.deb
          Size/MD5 checksum:   194488 8267bb5ad6c70238fcebf3fb4035dace
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_hppa.deb
          Size/MD5 checksum:   403606 7dfe73131c34dc3e55c729bbc59f1252
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_hppa.deb
          Size/MD5 checksum:   431726 42c9d2d7d190e0ccaafcdb44e31536f5
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_hppa.deb
          Size/MD5 checksum:   431410 1aaf5d6855318e067640969095d8e96c
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_hppa.deb
          Size/MD5 checksum:   414794 8ebec69081b2c56b56a532db0ce504fb
    
      i386 architecture (Intel ia32)
    
    
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_i386.deb
          Size/MD5 checksum:   397122 c629a1bf4982b085d05be740052cfa67
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_i386.deb
          Size/MD5 checksum:   396966 f67e8ec673c483fd3aa90f917595a250
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_i386.deb
          Size/MD5 checksum:   189470 8f024068171ca297064f29e58bc51b33
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_i386.deb
          Size/MD5 checksum:   381756 5355604f7b1625db02a3f68d97eff290
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_i386.deb
          Size/MD5 checksum:   371622 1a26e468fef7b863f30bf2b1fe7df817
    
      ia64 architecture (Intel ia64)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_ia64.deb
          Size/MD5 checksum:   207014 acacffe75c737005bb6c9d9bd63f091b
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_ia64.deb
          Size/MD5 checksum:   535252 ed7479cef8bc9777c5f11223779896d0
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_ia64.deb
          Size/MD5 checksum:   519678 0217f6bd617282f1e8d9e598f86f83aa
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_ia64.deb
          Size/MD5 checksum:   562122 2fbccb31b331c17609d5e4fdf517416a
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_ia64.deb
          Size/MD5 checksum:   562312 5084eb589b099cfd51759557ce8fd21b
    
      m68k architecture (Motorola Mc680x0)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_m68k.deb
          Size/MD5 checksum:   332318 a61dd073f2f9a4697d254b8e7fb48a14
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_m68k.deb
          Size/MD5 checksum:   353102 1e24565274060aeeafb77a756f31f212
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_m68k.deb
          Size/MD5 checksum:   340938 7afb5724e4caf150b6f5102c34c3c1d6
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_m68k.deb
          Size/MD5 checksum:   352770 ed92f153968e58aa200df1ef2888afba
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_m68k.deb
          Size/MD5 checksum:   187180 764673a0052a9b2b39e94076d764e2bb
    
      mips architecture (MIPS (Big Endian))
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mips.deb
          Size/MD5 checksum:   382426 aee4a0de1997e66fb89f3a8b964e716a
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mips.deb
          Size/MD5 checksum:   406442 e45275b4fbc4479ffd60849efb79d067
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mips.deb
          Size/MD5 checksum:   201640 879687be2b57e8dcc90a8ea1158393ad
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mips.deb
          Size/MD5 checksum:   406224 5e522fc33f697d5dbd4df431c0cc9790
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mips.deb
          Size/MD5 checksum:   391930 08faf62b0089f29bd019866911c699e1
    
      mipsel architecture (MIPS (Little Endian))
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mipsel.deb
          Size/MD5 checksum:   201838 239a8377c0a5b2940afe2cf5b86bdaf2
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mipsel.deb
          Size/MD5 checksum:   409472 378d91ea943ff489ed38b49d60e84b76
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mipsel.deb
          Size/MD5 checksum:   384264 dfd8fa9d98bdcda752dc1cf7a88f6582
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mipsel.deb
          Size/MD5 checksum:   393384 ce795b5aa745c5d412c39814a5a8a427
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mipsel.deb
          Size/MD5 checksum:   409220 a84d6673ece2d89d4e28f39279f2914e
    
      powerpc architecture (PowerPC)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_powerpc.deb
          Size/MD5 checksum:   384498 492efa6567a3f8e13b019c7fb05f160e
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_powerpc.deb
          Size/MD5 checksum:   411728 2073ec04cf38a1449d4a350c3e55f16f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_powerpc.deb
          Size/MD5 checksum:   412074 f07eb73d8f40955facf41d2d52d67da2
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_powerpc.deb
          Size/MD5 checksum:   195382 c6079a29a73a585f060c1ee6037cb93f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_powerpc.deb
          Size/MD5 checksum:   395084 23ec082a6c703f517b3d9fa68ec42d9b
    
      s390 architecture (IBM S/390)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_s390.deb
          Size/MD5 checksum:   193006 1e52c1da9c58b290978b7935a9d58770
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_s390.deb
          Size/MD5 checksum:   379632 b7ecd26925dd5bf9a69f24e33dd55184
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_s390.deb
          Size/MD5 checksum:   390112 814e21080d6d95cea596a8dc5747e29f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_s390.deb
          Size/MD5 checksum:   403740 8426f8d4d195c1d51dd568249cb61619
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_s390.deb
          Size/MD5 checksum:   403984 89ff426837c5b0dbfed07f88700f619c
    
      sparc architecture (Sun SPARC/UltraSPARC)
    
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_sparc.deb
          Size/MD5 checksum:   394824 4b17a185fb614e83739fd7cdc711b63a
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_sparc.deb
          Size/MD5 checksum:   379428 5f182cf8e0303797c78f65f6aa8704a9
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_sparc.deb
          Size/MD5 checksum:   369734 a75df8c75998eae366a2200516eaf01f
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_sparc.deb
          Size/MD5 checksum:   189018 c30ff0d36b2f68fc795f25efb128dd20
        https://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_sparc.deb
          Size/MD5 checksum:   394700 9a8eb46038f3086f04daef31fea9b821
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"11","type":"x","order":"1","pct":100,"resources":[]},{"id":"159","title":"False","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.