Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 4 articles for you...
89
security advisoryinformation leakfedoraFedora 38: 2024-0489e7ba1e Critical: FileZilla CVE-2024-31497 Fix
Fix for CVE-2024-31497. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-0489e7ba1e 2024-04-25 01:36:14.911592 -------------------------------------------------------------------------------- Name : filezilla Product : Fedora 38 Version : 3.67.0 Release : 1.fc38 URL : https://filezilla-project.org/ Summary : FTP, FTPS and SFTP client Description : FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP) - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfer queue - Drag & drop support - Speed limits - Filename filters - Network configuration wizard -------------------------------------------------------------------------------- Update Information: Fix for CVE-2024-31497 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 15 2024 Gwyn Ciesla - 3.67.0-1 - 3.67.0 * Mon Apr 15 2024 Gwyn Ciesla - 3.66.5-2 - libfilezilla rebuild * Wed Feb 7 2024 Gwyn Ciesla - 3.66.5-1 - 3.66.5 * Wed Jan 24 2024 Fedora Release Engineering - 3.66.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering - 3.66.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2275187 - CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275187 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisoryFEDORA-2024-0489e7ba1e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 25, 2024
•Critical
Fedora
89
security advisorymoderateFedoraFedora 40: FEDORA-2024-df5a3dce7e Critical FileZilla Key Security Issue
Fix for CVE-2024-31497. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-ff9a2fb31c 2024-04-23 16:40:40.221676 -------------------------------------------------------------------------------- Name : filezilla Product : Fedora 40 Version : 3.67.0 Release : 1.fc40 URL : https://filezilla-project.org/ Summary : FTP, FTPS and SFTP client Description : FileZilla is a FTP, FTPS and SFTP client for Linux with a lot of features. - Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP) - Cross-platform - Available in many languages - Supports resume and transfer of large files greater than 4GB - Easy to use Site Manager and transfer queue - Drag & drop support - Speed limits - Filename filters - Network configuration wizard -------------------------------------------------------------------------------- Update Information: Fix for CVE-2024-31497 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 15 2024 Gwyn Ciesla - 3.67.0-1 - 3.67.0 * Mon Apr 15 2024 Gwyn Ciesla - 3.66.5-2 - libfilezilla rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2275187 - CVE-2024-31497 filezilla: putty: secret key recovery of NIST P-521 private keys Through Biased ECDSA Nonces in PuTTY Client [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275187 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-ff9a2fb31c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Apr 23, 2024
•Critical
Fedora
203
security advisoryremote attackmoderate severityMageia: 2024-0034 Moderate: FileZilla Prefix Truncation Attack Fix
Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. . MGASA-2024-0034 - Updated filezilla packages fix a security vulnerability ("Terrapin attack") Publication date: 10 Feb 2024 URL: https://advisories.mageia.org/MGASA-2024-0034.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-48795 Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. This update fixes the issue. References: - https://bugs.mageia.org/show_bug.cgi?id=32748 - https://ubuntu.com/security/notices/USN-6589-1 - https://www.cve.org/CVERecord?id=CVE-2023-48795 SRPMS: - 9/core/filezilla-3.66.4-1.mga9 . Mageia's MGASA-2024-0035 tackles a major vulnerability in GIMP, reinforcing vital image editing safeguards.. FileZilla Security Update, Mageia Advisory, SSH Protocol Fix. . LinuxSecurity.com Team
Feb 10, 2024
Mageia
172
security advisorymoderate threatinformation exposureUbuntu 23.10: USN-6589-1 moderate: filezilla information exposure
FileZilla could be made to expose sensitive information over the network.. ========================================================================== Ubuntu Security Notice USN-6589-1 January 18, 2024 filezilla vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: FileZilla could be made to expose sensitive information over the network. Software Description: - filezilla: Full-featured graphical FTP/FTPS/SFTP client Details: Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol used in FileZilla is prone to a prefix truncation attack, known as the "Terrapin attack". A remote attacker could use this issue to downgrade or disable some security features and obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: filezilla 3.65.0-3ubuntu0.1 filezilla-common 3.65.0-3ubuntu0.1 Ubuntu 22.04 LTS: filezilla 3.58.0-1ubuntu0.1 filezilla-common 3.58.0-1ubuntu0.1 Ubuntu 20.04 LTS: filezilla 3.46.3-1ubuntu0.1 filezilla-common 3.46.3-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6589-1 CVE-2023-48795 Package Information: https://launchpad.net/ubuntu/+source/filezilla/3.46.3-1ubuntu0.1 . A critical flaw in FileZilla affects multiple Ubuntu releases, posing a threat to confidential information. Please upgrade without delay.. FileZilla Vulnerability, Information Exposure, Network Security. . LinuxSecurity.com Team
Jan 18, 2024
Ubuntu
197
security advisorycritical issuedebianDebian LTS: DLA-3027-1 Critical: GIMP Vulnerability in Image Handling
Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. . - -------------------------------------------------------------------------Debian LTS Advisory DLA-3026-1
May 26, 2022
•Critical
Debian LTS
203
security advisoryinformation leakupdateMageia: 2021-0380 Moderate: FileZilla Man-in-the-Middle Attack Risk
filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14002). . MGASA-2021-0380 - Updated filezilla packages fix security vulnerability Publication date: 27 Jul 2021 URL: https://advisories.mageia.org/MGASA-2021-0380.html Type: security Affected Mageia releases: 8 CVE: CVE-2020-14002 filezilla embeds a PuTTY client that was vulnerable: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client) (CVE-2020-14002). The filezilla packages are updated to fix this issue to 3.55.0 version among other bugfixes since 3.51.0 we shipped in Mageia 8. See upstream release notes for more informations. References: - https://bugs.mageia.org/show_bug.cgi?id=29186 - https://lists.fedoraproject.org/archives/list/
Jul 27, 2021
•Important
Mageia
91
security advisorygentooprivilege escalationGentoo: GLSA-202007-51 Normal: FileZilla Untrusted Search Path Issue
A vulnerability was found in FileZilla which might allow privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202007-51 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FileZilla: Untrusted search path Date: July 27, 2020 Bugs: #717726 ID: 202007-51 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability was found in FileZilla which might allow privilege escalation. Background ========= FileZilla is an open source FTP client. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-ftp/filezilla < 3.47.2.1 > = 3.47.2.1 Description ========== It was discovered that FileZilla uses an untrusted search path. Impact ===== An attacker could use a malicious binary to escalate privileges. Workaround ========= There is no known workaround at this time. Resolution ========= All FileZilla users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-ftp/filezilla-3.47.2.1" References ========= [ 1 ] CVE-2019-5429 https://nvd.nist.gov/vuln/detail/CVE-2019-5429 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-51 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Jul 26, 2020
Gentoo
203
security advisorysoftware updatecommand injectionMageia 7: 2019-0417 Moderate: FileZilla Command Injection
Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. . MGASA-2019-0417 - Updated filezilla packages fix security vulnerability Publication date: 31 Dec 2019 URL: https://advisories.mageia.org/MGASA-2019-0417.html Type: security Affected Mageia releases: 7 Updated filezilla packages fix bugs and a security vulnerability: Filenames containing double-quotation marks were not escaped correctly when selected for opening/editing. Depending on the associated program, parts of the filename could be interpreted as commands. For other fixes in this update, see the referenced versions log. References: - https://bugs.mageia.org/show_bug.cgi?id=25932 - https://filezilla-project.org/versions.php - https://lists.fedoraproject.org/archives/list/
Dec 31, 2019
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!