Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Slackware 12.1: 2011-405-04 Urgent: OpenSSH Buffer Spill Concern

slackware
Calendar Grey November 2, 2010
Dist Slackware Esm H88
Recent updates to proftpd packages have been issued for Slackware, addressing significant security flaws that allow for potential remote execution exploits.
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to a fix security issue

Summary

Here are the details from the Slackware 13.1 ChangeLog: patches/packages/proftpd-1.3.3c-i486-1_slack13.1.txz: Upgraded. Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925), which can allow remote execution of arbitrary code as the user running the ProFTPD daemon. Thanks to TippingPoint and the Zero Day Initiative (ZDI). For more information, see: https://www.cve.org/CVERecord?id=CVE-2010-3867 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical issue remote execution slackware proftpd stack overflow

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 11.0 package: 4e7d54ab57548f34a32f86b77583d614 proftpd-1.3.3c-i486-1_slack11.0.tgz
Slackware 12.0 package: d954a6c90816f4436fee533c152bf4bb proftpd-1.3.3c-i486-1_slack12.0.tgz
Slackware 12.1 package: affbb31b04c5d6919d9a2157059b9403 proftpd-1.3.3c-i486-1_slack12.1.tgz
Slackware 12.2 package: 5a42f293cc183cfa6ec988ec914744b2 proftpd-1.3.3c-i486-1_slack12.2.tgz
Slackware 13.0 package: 768ecea836e4c650a24e74de3afdd518 proftpd-1.3.3c-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 0be811b7668364deb8902262f2fe17a5 proftpd-1.3.3c-x86_64-1_slack13.0.txz
Slackware 13.1 package: 937d63af93685267ec9e3fc792c46e84 proftpd-1.3.3c-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 92275cac422a121a141f815ba268a6b7 proftpd-1.3.3c-x86_64-1_slack13.1.txz
Slackware -current package: 4046af3144df2bf0c35d3848e081b6b0 proftpd-1.3.3c-i486-1.txz
Slackware x86_64 -current package: 9268734e9bc5ba67fe176becd391fb34 proftpd-1.3.3c-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical issue remote execution slackware proftpd stack overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg proftpd-1.3.3c-i486-1_slack13.1.txz

Your message here