Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 734
Alerts This Week
Warning Icon 1 734

Slackware tftp-hpa Moderate Path Bypass Buffer Overflow Fix 2026-188-01

slackware
Calendar Grey July 7, 2026
Dist Slackware Esm H88
New tftp-hpa packages for Slackware 15.0 address bugs and enhance security with fixes for path validation issues.
New tftp-hpa packages are available for Slackware 15.0 and -current to fix security issues.

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/tftp-hpa-5.4-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Fix several security-relevant bugs in path validation (tftpd/path.c): an uninitialized buffer read and a broken path tokenizer could let a crafted or unlucky request bypass path restrictions or crash the daemon. Fix buffer overflows in the tftp client: an unbounded strcpy() when building requests, an out-of-bounds write when putting multiple files to a remote directory, and an unbounded write into the interactive command-line argument array. Fix an out-of-bounds read while scanning request fields in tftpd, and an incorrect address family used when creating the per-transfer socket on platforms without recvmsg(). (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/tftp-hpa-5.4-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/tftp-hpa-5.4-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tftp-hpa-5.4-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/tftp-hpa-5.4-x86_64-1.txz

MD5 Signatures

Slackware 15.0 package: 65b0e569f3be1f1e78d030db87a7c6e8 tftp-hpa-5.4-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 602459145ea0e3e64a724670ca22b925 tftp-hpa-5.4-x86_64-1_slack15.0.txz
Slackware -current package: c968992906498bdfae34486265b2941d n/tftp-hpa-5.4-i586-1.txz
Slackware x86_64 -current package: 5ec81681a4e176e63c524beae5d62946 n/tftp-hpa-5.4-x86_64-1.txz

Severity
moderate
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg tftp-hpa-5.4-i586-1_slack15.0.txz