
openSUSE: 2020:0031-1 Moderate: ProFTPD Denial-of-Service Fix

January 13, 2020
The latest openSUSE proftpd update addresses several vulnerabilities, notably a denial-of-service issue.
An update that solves 5 vulnerabilities and has two fixes is now available.

Description

This update for proftpd fixes the following issues:

* GeoIP has been discontinued by Maxmind (boo#1156210). This update removes module build for geoip see

- CVE-2019-19269: Fixed a NULL pointer dereference that may occur when validating the certificate of a client connecting to the server (boo#1157803)

- CVE-2019-19270: Fixed a failure to check for the appropriate field of a CRL entry, which prevented some valid CRLs from being taken into account (boo#1157798)

- CVE-2019-18217: Fixed remote unauthenticated denial-of-service due to incorrect handling of overly long commands (boo#1154600 gh#846)

Update to 1.3.6b

* Fixed pre-authentication remote denial-of-service issue (Issue #846).

* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).

Update to 1.3.6a:

* Fixed symlink navigation (Bug#4332).

* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).

* Fixed SITE COPY honoring of restrictions...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-31=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-31=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2020-31=1

Package List

- openSUSE Leap 15.1 (x86_64):

proftpd-1.3.6b-lp151.3.6.1

proftpd-debuginfo-1.3.6b-lp151.3.6.1

proftpd-debugsource-1.3.6b-lp151.3.6.1

proftpd-devel-1.3.6b-lp151.3.6.1

proftpd-doc-1.3.6b-lp151.3.6.1

proftpd-ldap-1.3.6b-lp151.3.6.1

proftpd-ldap-debuginfo-1.3.6b-lp151.3.6.1

proftpd-mysql-1.3.6b-lp151.3.6.1

proftpd-mysql-debuginfo-1.3.6b-lp151.3.6.1

proftpd-pgsql-1.3.6b-lp151.3.6.1

proftpd-pgsql-debuginfo-1.3.6b-lp151.3.6.1

proftpd-radius-1.3.6b-lp151.3.6.1

proftpd-radius-debuginfo-1.3.6b-lp151.3.6.1

proftpd-sqlite-1.3.6b-lp151.3.6.1

proftpd-sqlite-debuginfo-1.3.6b-lp151.3.6.1

- openSUSE Leap 15.1 (noarch):

proftpd-lang-1.3.6b-lp151.3.6.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

proftpd-1.3.6b-bp151.4.6.2

proftpd-devel-1.3.6b-bp151.4.6.2

proftpd-doc-1.3.6b-bp151.4.6.2

proftpd-ldap-1.3.6b-bp151.4.6.2

proftpd-mysql-1.3.6b-bp151.4.6.2

proftpd-pgsql-1.3.6b-bp151.4.6.2

proftpd-radius-1.3.6b-bp151.4.6.2

proftpd-sqlite-1.3.6b-bp151.4.6.2

- openSUSE Backports SLE-15-SP1 (noarch):

proftpd-lang-1.3.6b-bp...
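
A post-patch check, added here as an example (it is not part of the advisory or of openSUSE tooling): it compares installed proftpd builds against the fixed builds in the package list above, using a simplified re-implementation of RPM version ordering. The function names, the input format (one "name version-release" pair per line, as `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'proftpd*'` prints) and the sample inventory are assumptions; Backports SLE-15 builds are reported as unknown because the fixed build for that product is not shown on this page.

```python
import re

# Fixed builds copied from the advisory's package list, keyed by release tag.
# Backports SLE-15 is absent because the page's list is cut off before it.
FIXED = {"lp151": "1.3.6b-lp151.3.6.1", "bp151": "1.3.6b-bp151.4.6.2"}

def rpmvercmp(a, b):
    """Simplified RPM ordering (no '~' or '^' handling); returns -1, 0 or 1."""
    # RPM compares runs of digits and runs of letters; separators are skipped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_lines):
    """Return (name, version-release, state) for each 'name version-release' line."""
    results = []
    for line in rpm_lines:
        name, evr = line.split()
        tag = re.match(r"[a-z]+\d+", evr.rsplit("-", 1)[1])  # e.g. lp151, bp151
        fixed = FIXED.get(tag.group(0)) if tag else None
        if fixed is None:
            state = "unknown"    # no fixed build listed on the page for this product
        elif evr_cmp(evr, fixed) >= 0:
            state = "patched"
        else:
            state = "outdated"   # older than the advisory's fixed build
        results.append((name, evr, state))
    return results

# Constructed sample inventory (not output from a real host).
SAMPLE = ["proftpd 1.3.6-lp151.3.3.1", "proftpd-ldap 1.3.6b-lp151.3.6.1",
          "proftpd 1.3.6b-bp151.4.9.1", "proftpd 1.3.5e-bp150.2.1"]

if __name__ == "__main__":
    for name, evr, state in audit(SAMPLE):
        print(f"{state:9} {name} {evr}")
```

Sub-packages such as proftpd-ldap are checked against the same fixed build because every package in the list carries the same version-release per product.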


References

https://www.suse.com/security/cve/CVE-2017-7418.html

https://www.suse.com/security/cve/CVE-2019-12815.html

https://www.suse.com/security/cve/CVE-2019-18217.html

https://www.suse.com/security/cve/CVE-2019-19269.html

https://www.suse.com/security/cve/CVE-2019-19270.html

https://bugzilla.suse.com/1113041

https://bugzilla.suse.com/1144056

https://bugzilla.suse.com/1154600

https://bugzilla.suse.com/1155834

https://bugzilla.suse.com/1156210

https://bugzilla.suse.com/1157798

https://bugzilla.suse.com/1157803

--

Announcement ID: openSUSE-SU-2020:0031-1
Rating: moderate
Affected Products: openSUSE Leap 15.1, openSUSE Backports SLE-15-SP1, openSUSE Backports SLE-15
