
Debian: pure-ftpd Important Denial of Service Fix DLA-4360-1 CVE-2021-40524

debian lts
November 3, 2025
Critical pure-ftpd security update for Debian LTS addresses upload size verification flaw allowing DoS attacks. Upgrade now!
It was discovered that pure-ftpd, a secure and efficient FTP server, incorrectly verified the maximum file size in the quota mechanism, allowing adversaries to upload files of unbo...

Summary

For Debian 11 bullseye, this problem has been fixed in version
1.0.49-4.1+deb11u1.

We recommend that you upgrade your pure-ftpd packages.

For the detailed security status of pure-ftpd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pure-ftpd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity: important

Package: pure-ftpd
Version: 1.0.49-4.1+deb11u1
CVE ID: CVE-2021-40524
Debian Bug: 993810
