Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 33: 2021-b131080aa3 Moderate: ProFTPD Memory Disclosure Fix

fedora
Calendar Grey September 8, 2021
Dist Fedora Esm H88
An aggregate patch update of OpenSSH for CentOS 8 tackles vulnerabilities and boosts efficiency with improved settings.
Cumulative bug-fix release from upstream.

Summary

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,

and ease of configuration. It features a very Apache-like configuration

syntax, and a highly customizable server infrastructure, including support for

multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

visibility.

This package defaults to the standalone behavior of ProFTPD, but all the

needed scripts to have it run by systemd instead are included.

Cumulative bug-fix release from upstream.

* Tue Aug 31 2021 Paul Howarth - 1.3.7c-1

- Update to 1.3.7c

- Improve mod_tls log messages for unsupported older TLS protocol requests

(GH#1273)

- Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)

- Properly handle sections that use interface/device names

(GH#1282)

- PCRE expressions with capture groups are not being handled properly

(GH#1300)

- AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to

stop (GH#1307)

* Fri Jul 23 2021 Fedora Release Engineering - 1.3.7b-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Tue Jun 22 2021 Paul Howarth - 1.3.7b-2

- BR: glibc-gconv-extra for API tests from Fedora 35 onwards

[ 1 ] Bug #2001690 - proftpd: memory disclosure to RADIUS servers by mod_radius

https://bugzilla.redhat.com/show_bug.cgi?id=2001690

su -c 'dnf upgrade --advisory FEDORA-2021-b131080aa3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory security update Fedora bug fix memory disclosure ProFTPD

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 1.3.7c
Release: 1.fc33
URL: http://www.proftpd.org/
Summary: Flexible, stable and highly-configurable FTP server

Topics%20covered

Topics Covered

security advisory security update Fedora bug fix memory disclosure ProFTPD

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here