Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Slackware ProFTPD Update: SSA:2010-357-02 Critical: SQL Injection Risk

slackware
Calendar Grey December 24, 2010
Dist Slackware Esm H88
Important ProFTPD patches released for Slackware versions 11.0 through 13.1 to rectify vulnerabilities. Discover additional details regarding package enhancements.
New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues

Summary

Here are the details from the Slackware 13.1 ChangeLog: patches/packages/proftpd-1.3.3d-i486-1_slack13.1.txz: Upgraded. This update fixes an unbounded copy operation in sql_prepare_where() that could be exploited to execute arbitrary code. However, this only affects servers that use the sql_mod module (which Slackware does not ship), and in addition the ability to exploit this depends on an SQL injection bug that was already fixed in proftpd-1.3.2rc2 (this according to upstream). So in theory, this fix should only be of academic interest. But in practice, better safe than sorry. (* Security fix *)

Topics%20covered

Topics Covered

security advisory security fix slackware package upgrade proftpd unbounded copy

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 11.0 package: 1cf858f9e1eb772644b9e621445c0275 proftpd-1.3.3d-i486-1_slack11.0.tgz
Slackware 12.0 package: 9924b166e5c8b5d7761e0e6a8695771f proftpd-1.3.3d-i486-1_slack12.0.tgz
Slackware 12.1 package: 251db6dc1bbabf6b943f00573de1824c proftpd-1.3.3d-i486-1_slack12.1.tgz
Slackware 12.2 package: 5d57c6979152f51de7fce53fb1f930f4 proftpd-1.3.3d-i486-1_slack12.2.tgz
Slackware 13.0 package: 2b80b44e97f397728ee9d798749b185d proftpd-1.3.3d-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 14fa80f5ce746a3e180c691023505d60 proftpd-1.3.3d-x86_64-1_slack13.0.txz
Slackware 13.1 package: 5d8a483e1243dced4da743aac0e8f475 proftpd-1.3.3d-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 71673c4521a51232479457ce3dcd4bfd proftpd-1.3.3d-x86_64-1_slack13.1.txz
Slackware -current package: 2ecee055f345ff486decb28e44a14fdc n/proftpd-1.3.3d-i486-1.txz
Slackware x86_64 -current package: 3a8be2b62423a9714ca59d361a88d8a7 n/proftpd-1.3.3d-x86_64-1.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory security fix slackware package upgrade proftpd unbounded copy

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg proftpd-1.3.3d-i486-1_slack13.1.txz

Related News

Your message here