Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
203
security advisoryupdateftp clientMageia: 2021-0434 Moderate: Proftpd Memory Disclosure Issue
Fixes memory disclosure to RADIUS servers by mod_radius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." . MGASA-2021-0434 - Updated proftpd packages fix security vulnerability Publication date: 23 Sep 2021 URL: https://advisories.mageia.org/MGASA-2021-0434.html Type: security Affected Mageia releases: 8 Fixes memory disclosure to RADIUS servers by mod_radius. Ftp clients like filezilla fail to detect locale with in log : "Status: Server does not support non-ASCII characters." This comes from proftpd MultilineRFC2228 directive enabled by default. Without this directive Filezilla is able to enable utf8 options correctly. Fixed by disabling MultilineRFC2228 directive. References: - https://bugs.mageia.org/show_bug.cgi?id=29449 - https://lists.fedoraproject.org/archives/list/
Sep 23, 2021
Mageia
89
security advisoryFedoraftp clientFedora 25 Security Update: Globus-FTP-Client Enhancements and Fixes
globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-7591a8e2c9 2017-07-03 18:56:35.537627 --------------------------------------------------------------------------------Name : globus-ftp-client Product : Fedora 25 Version : 8.35 Release : 2.fc25 URL : http://toolkit.globus.org/ Summary : Globus Toolkit - GridFTP Client Library Description : The Globus Toolkit is an open source software toolkit used for building Grid systems and applications. It is being developed by the Globus Alliance and many others all over the world. A growing number of projects and companies are using the Globus Toolkit to unlock the potential of grids for their cause. The globus-ftp-client package contains: GridFTP Client Library --------------------------------------------------------------------------------Update Information: globus-ftp-client * Adapt to Perl 5.26 - POSIX::tmpnam() no longer available * Remove some redundant tests to reduce test time globus-gass-cache-program * GT6 update globus-gass-copy * Don't attempt sshftp data protection without creds (9.24) * Checksum verification based on contribution from IBM (9.24) * Fix uninitialized field related crash (9.25) * Remove checksum data from public handle (9.26) * Prevent some race conditions (9.27) globus-gram-job-manager * Default to running personal gatekeeper on an ephemeral port globus-gridftp-server * New error message format (12.0) * Configuration database (12.0) * Better delay for end of session ref check (12.1) * Fix tests when getgroups() does notreturn effective gid (12.2) globus-gssapi-gsi * Don't unlock unlocked mutex (12.14) * Remove legacy SSLv3 support (12.15) * Test fixes (12.16) * Drop patch globus-gssapi-gsi-mutex-unlock.patch (fixed upstream 12.14) globus-io * Remove legacy SSLv3 support globus-net-manager * Fix .pc typo * Drop patch globus-net-manager-pkgconfig.patch (fixed upstream) globus-xio * Don't rely on globus_error_put(NULL) to be GLOBUS_SUCCESS (5.15) * Fix crash in error handling in http driver (5.16) globus-xio-gsi-driver * Fix crash when checking for anonymous GSS name when name comparison fails globus-xio-pipe-driver * Fix .pc typo globus-xio-udt-driver * Don't force --static flag to pkg-config * Drop some BuildRequires no longer needed with above change * Fix undefined symbols during linking myproxy * Fix error check (6.1.26) * Remove legacy SSLv3 support (6.1.27) --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade globus-ftp-client' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Jul 04, 2017
•Important
Fedora
91
security advisorygentoobuffer overflowGentoo 200312-07 Minimal: Lftp Buffer Overflow Remote Code Execution
Two buffer overflow problems have been found in lftp, a multithreadedcommand-line based FTP client.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-07 - -------------------------------------------------------------------------- GLSA: 200312-07 Package: net-ftp/lftp Summary: Two buffer overflow problems found in lftp Severity: minimal Gentoo bug: 35866 Date: 2003-12-16 CVE: CAN-2003-0963 Exploit: remote Affected: =2.6.10 DESCRIPTION: Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user's machine has to connect to a malicious web server using HTTP or HTTPS, then issue an "ls" or "rels" command. Please see < for more details on this problem. SOLUTION: All machines which have net-ftp/lftp installed should be updated to use version 2.6.10 or higher using these commands: emerge sync emerge -pv '> =net-ftp/lftp-2.6.10' emerge '> =net-ftp/lftp-2.6.10' emerge clean // end -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/4U3Wnt0v0zAqOHYRAm7VAJsHDxrJLLQOU51blaP2VMCjkt/+dQCcC6zP m/ELiJH0C0PukA++i1CfCmc=h16K -----END PGP SIGNATURE----- . Various security issues in lftp could enable attackers to run arbitrary code from a distance. It is recommended to update to the latest version to mitigate potential threats.. Gentoo Lftp Buffer Overflow Remote Exploit Secure Updates. . LinuxSecurity.com Team
Dec 18, 2003
Gentoo
91
security advisorygentoobuffer overflowGentoo: GLSA-202301-14 Critical: curl Unsafe Protocol Handling
Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user's machine has to connect to a malicious web server using HTTP or [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200312-07 - -------------------------------------------------------------------------- GLSA: 200312-07 Package: net-ftp/lftp Summary: Two buffer overflow problems found in lftp Severity: minimal Gentoo bug: 35866 Date: 2003-12-16 CVE: CAN-2003-0963 Exploit: remote Affected: =2.6.10 DESCRIPTION: Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client. A specially created directory on a web server could be used to execute arbitrary code on the connecting machine. The user's machine has to connect to a malicious web server using HTTP or HTTPS, then issue an "ls" or "rels" command. Please see for more details on this problem. SOLUTION: All machines which have net-ftp/lftp installed should be updated to use version 2.6.10 or higher using these commands: emerge sync emerge -pv '> =net-ftp/lftp-2.6.10' emerge '> =net-ftp/lftp-2.6.10' emerge clean // end -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQE/4U3Wnt0v0zAqOHYRAm7VAJsHDxrJLLQOU51blaP2VMCjkt/+dQCcC6zP m/ELiJH0C0PukA++i1CfCmc=h16K -----END PGP SIGNATURE----- . A couple of security vulnerabilities in Gentoo's lftp could lead to remote code execution. It's recommended to update to version 2.6.10 or above for protection.. Gentoo Security, lftp Update, Buffer Overflow Alert, FTP Security Issue. . Severity: Critical. LinuxSecurity.com Team
Dec 18, 2003
•Critical
Gentoo
98
security advisoryRed HatcriticalRed Hat 6.2-8.0 RHSA-2003:020-10 Critical Command Execution Risk
A problem has been found in the Kerberos ftp client.. ` --------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated kerberos packages fix vulnerability in ftp client Advisory ID: RHSA-2003:020-10 Issue date: 2003-01-31 Updated on: 2003-01-31 Product: Red Hat Linux Keywords: krb5 ftp netkit Cross references: Obsoletes: RHSA-2002:242 CVE Names: CAN-2003-0041 --------------------------------------------------------------------- 1. Topic: Updated packages fix a vulnerability found in the Kerberos ftp client distributed with the Red Hat Linux krb5 packages. 2. Relevant releases/architectures: Red Hat Linux 6.2 - i386 Red Hat Linux 7.0 - i386 Red Hat Linux 7.1 - i386 Red Hat Linux 7.2 - i386, ia64 Red Hat Linux 7.3 - i386 Red Hat Linux 8.0 - i386 3. Problem description: Kerberos is a network authentication system. A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client. The Kerberos ftp client runs as the default ftp client when the Kerberos package krb5-workstation is installed on a Red Hat Linux distribution. All users of Kerberos are advised to upgrade to these errata packages which contain a backported patch and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Notethat you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. RPMs required: Red Hat Linux 6.2: SRPMS: i386: Red Hat Linux 7.0: SRPMS: i386: Red Hat Linux 7.1: SRPMS: i386: Red Hat Linux 7.2: SRPMS: i386: ia64: Red Hat Linux 7.3: SRPMS: i386: Red Hat Linux 8.0: SRPMS: i386: 6. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 7de192f207e97710837dfdc18dc8be0b 6.2/en/os/SRPMS/krb5-1.1.1-32.src.rpm 4336912a27f2bc883f29ac6d05b6c154 6.2/en/os/i386/krb5-configs-1.1.1-32.i386.rpm 18bdb726d9f38dbc792d5f15bc9db723 6.2/en/os/i386/krb5-devel-1.1.1-32.i386.rpm 6200ee5d3f15a46e5cd3ff2861c881c0 6.2/en/os/i386/krb5-libs-1.1.1-32.i386.rpm fc652d6f61443bc540ba290f69be2253 6.2/en/os/i386/krb5-server-1.1.1-32.i386.rpm 63ad9195b138e7dd65057aa298f8b085 6.2/en/os/i386/krb5-workstation-1.1.1-32.i386.rpm 616cdc7ef0e0e21ea841d0094c907e0a 7.0/en/os/SRPMS/krb5-1.2.2-16.src.rpm a0828c84238c35f745a4e536ae0a9d28 7.0/en/os/i386/krb5-devel-1.2.2-16.i386.rpm 6a417b3633390567e24c8236d0a428aa 7.0/en/os/i386/krb5-libs-1.2.2-16.i386.rpm ee80b17f8d07a416f615e18982bab8f8 7.0/en/os/i386/krb5-server-1.2.2-16.i386.rpm 94ed04976632fbfb45fed0cb1fe39176 7.0/en/os/i386/krb5-workstation-1.2.2-16.i386.rpm 616cdc7ef0e0e21ea841d0094c907e0a 7.1/en/os/SRPMS/krb5-1.2.2-16.src.rpm a0828c84238c35f745a4e536ae0a9d28 7.1/en/os/i386/krb5-devel-1.2.2-16.i386.rpm 6a417b3633390567e24c8236d0a428aa 7.1/en/os/i386/krb5-libs-1.2.2-16.i386.rpm ee80b17f8d07a416f615e18982bab8f87.1/en/os/i386/krb5-server-1.2.2-16.i386.rpm 94ed04976632fbfb45fed0cb1fe39176 7.1/en/os/i386/krb5-workstation-1.2.2-16.i386.rpm 616cdc7ef0e0e21ea841d0094c907e0a 7.2/en/os/SRPMS/krb5-1.2.2-16.src.rpm a0828c84238c35f745a4e536ae0a9d28 7.2/en/os/i386/krb5-devel-1.2.2-16.i386.rpm 6a417b3633390567e24c8236d0a428aa 7.2/en/os/i386/krb5-libs-1.2.2-16.i386.rpm ee80b17f8d07a416f615e18982bab8f8 7.2/en/os/i386/krb5-server-1.2.2-16.i386.rpm 94ed04976632fbfb45fed0cb1fe39176 7.2/en/os/i386/krb5-workstation-1.2.2-16.i386.rpm d3eac1b4295ee369dcfd9995a0e45b37 7.2/en/os/ia64/krb5-devel-1.2.2-16.ia64.rpm ef40911979476a6eb1e5478ac7c47fea 7.2/en/os/ia64/krb5-libs-1.2.2-16.ia64.rpm b75832522f7ea9947be50798ef26b779 7.2/en/os/ia64/krb5-server-1.2.2-16.ia64.rpm 6048f3c9244988cba98faf1393c27723 7.2/en/os/ia64/krb5-workstation-1.2.2-16.ia64.rpm 3969cabccac559df1e3dcb52053c4027 7.3/en/os/SRPMS/krb5-1.2.4-4.src.rpm 6aec2391885a30736e5e1de4a771dc2f 7.3/en/os/i386/krb5-devel-1.2.4-4.i386.rpm 722ab734d6ce600dd80bba2486d8a140 7.3/en/os/i386/krb5-libs-1.2.4-4.i386.rpm 6b5f820a689f7298d31258df42940216 7.3/en/os/i386/krb5-server-1.2.4-4.i386.rpm 342240d400ec1a1538d04da1d223bbf6 7.3/en/os/i386/krb5-workstation-1.2.4-4.i386.rpm eea7b6df4f894efbdd94bac8be3f917d 8.0/en/os/SRPMS/krb5-1.2.5-8.src.rpm 9e91371e397a6eec059a1b5e3139f3ef 8.0/en/os/i386/krb5-devel-1.2.5-8.i386.rpm a830d26d187e18be678ee12722eec485 8.0/en/os/i386/krb5-libs-1.2.5-8.i386.rpm fd353f875ea9edc4375af13ba80ae38f 8.0/en/os/i386/krb5-server-1.2.5-8.i386.rpm 70b04bf0aa7662af6704ce0223ebb914 8.0/en/os/i386/krb5-workstation-1.2.5-8.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at About You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 7. References: cert http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719482 http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719527 CVE -CVE-2003-0041 8. Contact: The Red Hat security contact is . More contact details at All Red Hat products Copyright 2003 Red Hat, Inc. _______________________________________________ Red Hat-watch-list mailing list To unsubscribe, visit: `. A critical advisory addressing command execution risks in Kerberos ftp client on Red Hat systems. Immediate updates recommended.. Kerberos Vulnerability, FTP Client Security, Red Hat Security Update. . Severity: Critical. LinuxSecurity.com Team
Jan 31, 2003
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!