Debian: New proftpd packages fix several vulnerabilities

    Date01 Dec 2006
    CategoryDebian
    1984
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1222-2                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    December 1st, 2006                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : proftpd
    Vulnerability  : several
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-5815 CVE-2006-6170 CVE-2006-6171
    Debian Bug     : 399070
    
    Due to technical problems yesterday's proftpd update lacked a build for
    the amd64 architecture, which is now available.
    
    Several remote vulnerabilities have been discovered in the proftpd FTP
    daemon, which may lead to the execution of arbitrary code or denial
    of service. The Common Vulnerabilities and Exposures project identifies
    the following problems:
    
    CVE-2006-5815
    
        It was discovered that a buffer overflow in the sreplace() function
        may lead to denial of service and possibly the execution of arbitrary
        code.
    
    CVE-2006-6170
    
        It was discovered that a buffer overflow in the mod_tls addon module
        may lead to the execution of arbitrary code.
    
    CVE-2006-6171
    
        It was discovered that insufficient validation of FTP command buffer
        size limits may lead to denial of service. Due to unclear information
        this issue was already fixed in DSA-1218 as CVE-2006-5815.
    
    For the stable distribution (sarge) these problem has been fixed in version
    1.2.10-15sarge3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 1.3.0-16 of the proftpd-dfsg package.
    
    We recommend that you upgrade your proftpd package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3.dsc
          Size/MD5 checksum:      897 d4dea6caa9438bea9d260f20761393ec
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3.diff.gz
          Size/MD5 checksum:   128340 4f14cee4723b725983eed3d7d9e7fe39
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
          Size/MD5 checksum:   920495 7d2bc5b4b1eef459a78e55c027a4f3c4
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge3_all.deb
          Size/MD5 checksum:   422614 c673d2a4e9db616bca66e8c2f992a95d
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_alpha.deb
          Size/MD5 checksum:   444532 d4950ecc709597f04a379e4a3f5644f9
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_alpha.deb
          Size/MD5 checksum:   200874 92481cca4bbbce0f0db4fb16ac0c53af
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_alpha.deb
          Size/MD5 checksum:   457334 b730aa7d3ff1c08d08bca66168686626
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_alpha.deb
          Size/MD5 checksum:   476906 15a84985231a886c2d9cfaa108edad31
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_alpha.deb
          Size/MD5 checksum:   476588 3ae27f992a26986872cfc4e26af3add5
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_amd64.deb
          Size/MD5 checksum:   389136 7bddbc3f2780aa71452dad18e8f1f2aa
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_amd64.deb
          Size/MD5 checksum:   194638 e1b229291ddf3c0050492c926add1e08
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_amd64.deb
          Size/MD5 checksum:   400102 2ce57e6d93236508f064b0546d19bf01
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_amd64.deb
          Size/MD5 checksum:   415450 30b99e2426cf7a3bcfce35dc03b5c39f
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_amd64.deb
          Size/MD5 checksum:   415232 4a021fe85a08b02051702aafbdfcd893
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_arm.deb
          Size/MD5 checksum:   373966 1c371d644b23ffa23ae4cdb847237048
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_arm.deb
          Size/MD5 checksum:   188856 094b34ff2e629e4a2e34a40632130782
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_arm.deb
          Size/MD5 checksum:   384130 3a073b4e2ce0a4c006b021bc2a70713c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_arm.deb
          Size/MD5 checksum:   399002 52a258d6db3529dc42f93b3377166f48
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_arm.deb
          Size/MD5 checksum:   398846 010ff68a50710591d79e6791a36ebe4e
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_hppa.deb
          Size/MD5 checksum:   403768 625a4174453f9aae518fecf9e4f6cffd
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_hppa.deb
          Size/MD5 checksum:   194534 d69950a0728249287a953efd0e256d95
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_hppa.deb
          Size/MD5 checksum:   414946 26cd4464a72e49bf3dd7bae1e6bcb4c5
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_hppa.deb
          Size/MD5 checksum:   431866 880875bdcf2aa45c40af333a205a9386
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_hppa.deb
          Size/MD5 checksum:   431612 82c75ec629e6408d19f8b7f4e1704e0b
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_i386.deb
          Size/MD5 checksum:   371322 3fa4ccac9c73bc8c19e075ed49f01a42
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_i386.deb
          Size/MD5 checksum:   188924 2bdb4609055c6a77ef45e376f43bb6b8
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_i386.deb
          Size/MD5 checksum:   381022 5cc5974e4124b09a5c3a7a04fc4c0dfb
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_i386.deb
          Size/MD5 checksum:   396780 1e05de59c612c3b59a0384c6b728909c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_i386.deb
          Size/MD5 checksum:   396546 e7e49a7c96f3c5f1a335bdce31b4a41d
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_ia64.deb
          Size/MD5 checksum:   519752 379b681d8139096f30c07adaf360a258
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_ia64.deb
          Size/MD5 checksum:   207072 6a7a86411c903cfe92848369d8939dc9
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_ia64.deb
          Size/MD5 checksum:   535426 f6e1da6b7febf2b374ce3d9cf844596e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_ia64.deb
          Size/MD5 checksum:   562386 6b9476b33d3eb98e87cda796ef3e1cba
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_ia64.deb
          Size/MD5 checksum:   562222 ddaf242f3d24e951b9578f2bf37ae4c7
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_m68k.deb
          Size/MD5 checksum:   332616 7f28eb7a6612422159554511d20c565c
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_m68k.deb
          Size/MD5 checksum:   187212 97853824e6e354d30d08e5d4f92f866a
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_m68k.deb
          Size/MD5 checksum:   340948 7cb0f9de38603efd2becbaf8a767860d
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_m68k.deb
          Size/MD5 checksum:   353236 b8afaa29deb9a2aaa5826fefd92ee051
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_m68k.deb
          Size/MD5 checksum:   352866 dddab5e89fc109de3892f100d5ea702d
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_mips.deb
          Size/MD5 checksum:   382502 88e5ef3fca660e28577a39db65f0743b
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_mips.deb
          Size/MD5 checksum:   201698 9a79029722afde2e9f9881323f09f523
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_mips.deb
          Size/MD5 checksum:   391960 847c19048ee9c921abbcedb0742be96d
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_mips.deb
          Size/MD5 checksum:   406524 d89d533478c0e5f9997869122173e627
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_mips.deb
          Size/MD5 checksum:   406246 f12661492861e6c6f94f5f2ae57318d4
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_mipsel.deb
          Size/MD5 checksum:   384380 83f0858fa68da448e561f9cfd48fedab
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_mipsel.deb
          Size/MD5 checksum:   201916 8a197d293f4c7d735bd0584ec6ec74ee
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_mipsel.deb
          Size/MD5 checksum:   393456 45fb0f0a6f79be0ebab17ebf7305340f
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_mipsel.deb
          Size/MD5 checksum:   409566 4d33f9e7c059949a27704379228b7119
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_mipsel.deb
          Size/MD5 checksum:   409366 5ee8e0e4dc1c831a2f56ff92404ea1c8
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_powerpc.deb
          Size/MD5 checksum:   384536 67c443041e0f5fdc280952fe849f6905
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_powerpc.deb
          Size/MD5 checksum:   195440 cf7b974f9f75e96ff9eb60afd64ceac0
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_powerpc.deb
          Size/MD5 checksum:   395224 3ef2ae27f6234f181b2934f8656d47a0
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_powerpc.deb
          Size/MD5 checksum:   412098 160500875d6d666fe89ff3590767f205
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_powerpc.deb
          Size/MD5 checksum:   411734 baf2f4a518503428bd46c7528adf3ed0
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_s390.deb
          Size/MD5 checksum:   379718 c33ac1f5e3afa17837d6b8a6b46173bc
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_s390.deb
          Size/MD5 checksum:   193048 f1533436a3741501e67ca8a10781b274
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_s390.deb
          Size/MD5 checksum:   390196 865bc00469365ae23db91d9a86ef201f
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_s390.deb
          Size/MD5 checksum:   404046 022be9231922608c55613044285a367e
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_s390.deb
          Size/MD5 checksum:   403780 a182f9bada4a850d9103f76a6024521a
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_sparc.deb
          Size/MD5 checksum:   369766 1ebaaa6c12ee1db33142347ad7bd2256
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_sparc.deb
          Size/MD5 checksum:   189086 370817d19ca97068c40263ebc64a4345
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_sparc.deb
          Size/MD5 checksum:   379560 5d3c311d57939b9d6ccc262ad9226845
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_sparc.deb
          Size/MD5 checksum:   394922 119cdba979f469fce53f1311d15b9ab1
        http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_sparc.deb
          Size/MD5 checksum:   394722 ebb293c93ebceaa14edd1ceacc64a3d8
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.