Fedora 40: 2025-d37ad923f5 high: ProFTPD buffer crash fix
fedora
February 22, 2025
This update addresses a null pointer dereferencing issue that could cause the session for a client that sent specially-crafted commands to the server to crash (not the sessions of ...
Summary
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by systemd instead are included.
Update Information:
This update addresses a null pointer dereferencing issue that could cause the session for a client that sent specially-crafted commands to the server to crash (not the sessions of other clients).
Change Log
* Thu Feb 13 2025 Paul Howarth
References
[ 1 ] Bug #2344418 - CVE-2024-57392 proftpd: Buffer Overflow in ProFTPD [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2344418
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d37ad923f5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Name: proftpd
Product: Fedora 40
Version: 1.3.8c
Release: 3.fc40
Summary: Flexible, stable and highly-configurable FTP server
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!