Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 44 proftpd Important Buffer Overflow Fix 2026-2f95481529

fedora
Calendar Grey July 17, 2026
Scroller Fedora
Cumulative update for proftpd in Fedora 44 includes essential bug fixes for buffer overflows and security enhancements.
Cumulative bug-fix update, including several buffer overflow fixes.

Summary

ProFTPD is an enhanced FTP server with a focus toward simplicity, security,

and ease of configuration. It features a very Apache-like configuration

syntax, and a highly customizable server infrastructure, including support for

multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory

visibility.

This package defaults to the standalone behavior of ProFTPD, but all the

needed scripts to have it run by systemd instead are included.

Update Information:

Cumulative bug-fix update, including several buffer overflow fixes.

Change Log

* Wed Jul 8 2026 Paul Howarth - 1.3.9c-1 - Update to 1.3.9c - ExecEnviron values not passed due to regression since 1.3.8.d (GH#2135) - Stack buffer overflow in MLSD/MLST handling for long path names (GH#2146) - MaxTransfersPerUser no longer enforces configured limits (GH#2158) - AdminControlsACLs for config, get actions not honored as they should be (GH#2163) - Memcached/Redis-cached JSON TLS session/OCSP entries decoded into fixed buffers without bounds checking (GH#2166) - RewriteMap unescape builtin use causes one-byte out-of-bounds write, fails to reject illegal characters (GH#2173) - SQL group name lookup concatenates client-provided group names without escaping (GH#2188) - Authenticated SFTP sessions can overflow the SFTP packet buffer (GH#2190) - Default Controls socket ACLs unintentionally allow all users access for sending Controls requests (GH#2210) * Fri Jun 12 2026 Yaakov Selkowitz - 1.3.9b-2 - Rebuilt for openssl 4.0

References

Fedora Update Notification FEDORA-2026-2f95481529 2026-07-18 00:26:14.272998+00:00 Name : proftpd Product : Fedora 44 Version : 1.3.9c Release : 1.fc44 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2f95481529' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: proftpd
Product: Fedora 44
Version: 1.3.9c
Release: 1.fc44
Summary: Flexible, stable and highly-configurable FTP server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.