Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

Fedora 24 Proftpd SSH Hostkey Fix Critical Advisory 2016-ac3587be9a

fedora
Calendar Grey March 27, 2016
Scroller Fedora Esm H88
Comprehensive patch for proftpd on Fedora 24 targeting severe vulnerabilities and an array of bug corrections provided.
Cumulative maintenance release from upstream

Summary

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,

and ease of configuration. It features a very Apache-like configuration

syntax, and a highly customizable server infrastructure, including support for

multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

visibility.

This package defaults to the standalone behavior of ProFTPD, but all the

needed scripts to have it run by systemd instead are included.

Update Information:

Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also included.

Change Log

References


[ 1 ] Bug #1317420 - CVE-2016-3125 proftpd: usage of 1024 bit DH key even with manual parameters set https://bugzilla.redhat.com/show_bug.cgi?id=1317420

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: proftpd
Product: Fedora 24
Version: 1.3.5b
Release: 1.fc24
Summary: Flexible, stable and highly-configurable FTP server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.