Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 22 ProFTPD Update 2016-f95d8ea3ad Critical: SSH Hostkey Fix

fedora
Calendar Grey March 20, 2016
Dist Fedora Esm H88
The latest proftpd update for Fedora 22 features enhancements to SSH hostkey management and resolves various bugs, marking an important maintenance release.
Cumulative maintenance release from upstream

Summary

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,

and ease of configuration. It features a very Apache-like configuration

syntax, and a highly customizable server infrastructure, including support for

multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

visibility.

This package defaults to the standalone behavior of ProFTPD, but all the

needed scripts to have it run by systemd instead are included.

Update Information:

Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included.

Change Log

References


[ 1 ] Bug #1317420 - CVE-2016-3125 proftpd: usage of 1024 bit DH key even with manual parameters set https://bugzilla.redhat.com/show_bug.cgi?id=1317420

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: proftpd
Product: Fedora 22
Version: 1.3.5b
Release: 1.fc22
Summary: Flexible, stable and highly-configurable FTP server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.