Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 43 ProFTPD Urgent Buffer Overflow Resolution 2026-75a8969e55

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Critical update for Fedora 43 addresses buffer overflows in ProFTPD with several important fixes.
Cumulative bug-fix update, including several buffer overflow fixes.

Summary

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,

and ease of configuration. It features a very Apache-like configuration

syntax, and a highly customizable server infrastructure, including support for

multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

visibility.

This package defaults to the standalone behavior of ProFTPD, but all the

needed scripts to have it run by systemd instead are included.

Update Information:

Cumulative bug-fix update, including several buffer overflow fixes.

Change Log

* Wed Jul 8 2026 Paul Howarth - 1.3.9c-1 - Update to 1.3.9c - ExecEnviron values not passed due to regression since 1.3.8.d (GH#2135) - Stack buffer overflow in MLSD/MLST handling for long path names (GH#2146) - MaxTransfersPerUser no longer enforces configured limits (GH#2158) - AdminControlsACLs for config, get actions not honored as they should be (GH#2163) - Memcached/Redis-cached JSON TLS session/OCSP entries decoded into fixed buffers without bounds checking (GH#2166) - RewriteMap unescape builtin use causes one-byte out-of-bounds write, fails to reject illegal characters (GH#2173) - SQL group name lookup concatenates client-provided group names without escaping (GH#2188) - Authenticated SFTP sessions can overflow the SFTP packet buffer (GH#2190) - Default Controls socket ACLs unintentionally allow all users access for sending Controls requests (GH#2210) * Fri Jun 12 2026 Yaakov Selkowitz - 1.3.9b-2 - Rebuilt for openssl 4.0

References

Fedora Update Notification FEDORA-2026-75a8969e55 2026-07-18 00:27:50.464547+00:00 Name : proftpd Product : Fedora 43 Version : 1.3.9c Release : 1.fc43 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-75a8969e55' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: proftpd
Product: Fedora 43
Version: 1.3.9c
Release: 1.fc43
Summary: Flexible, stable and highly-configurable FTP server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.