Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryfedoraremote accessFedora 42 vsftpd Critical CVE-2025-14242 Remote Access Vulnerability
Resolve CVE-2025-14242. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f6fadfed32 2026-01-23 01:14:49.116932+00:00 -------------------------------------------------------------------------------- Name : vsftpd Product : Fedora 42 Version : 3.0.5 Release : 14.fc42 URL : https://security.appspot.com/vsftpd.html Summary : Very Secure Ftp Daemon Description : vsftpd is a Very Secure FTP daemon. It was written completely from scratch. -------------------------------------------------------------------------------- Update Information: Resolve CVE-2025-14242 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 14 2026 Tomas Korbar - 3.0.5-14 - Resolve CVE-2025-14242 * Thu Dec 18 2025 Fedor Vorobev - 3.0.5-13 - Add a tmpfiles.d config. (image mode support) * Fri Jul 25 2025 Fedora Release Engineering - 3.0.5-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f6fadfed32' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 23, 2026
•Important
Fedora
99
security advisoryremote exploitcriticalSlackware 7.1: wu-ftpd Critical Update for Remote Access Threat
A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. . -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1 - ----- Original Message -----From: "Slackware Security Team" To: Sent: Wednesday, June 28, 2000 5:18 AM Subject: [slackware-security] wu-ftpd remote exploit patched A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A new tcpip1.tgz package is now available in the Slackware 7.1 tree. We have also provided a seperate patch package for users who have already installed Slackware 7.1 and just want the new FTP daemon. ======================================== wu-ftpd 2.6.0 AVAILABLE - (n6/tcpip1.tgz) ======================================== The recent root exploit in wu-ftpd has been patched and the new tcpip1.tgz is in the Slackware 7.1 tree: A seperate wu-ftpd-only patch package is available in the patches/ subdirectory: All users are strongly urged to upgrade to the patched wu-ftpd daemon. You only need to download one package to get the new FTP daemon. Here are the md5sums and checksums for the packages: 1660403894 62427 ./wu-ftpd-patch.tgz d42c1708634232f8bc6a396827959851 ./wu-ftpd-patch.tgz 3287743865 1017793 ./n6/tcpip1.tgz 7aff2b13086e881a6ee029d44a448f17 ./n6/tcpip1.tgz INSTALLATION INSTRUCTIONS FOR THE tcpip1.tgz PACKAGE: ---------------------------------------------------- If you have downloaded the new tcpip1.tgz package, you should bring the system into runlevel 1 and run upgradepkg on it: # telinit 1 # upgradepkg tcpip1.tgz # telinit 3 INSTALLATION INSTRUCTIONS FOR THE wu-ftpd-patch.tgz PACKAGE: ----------------------------------------------------------- If you have downloaded the wu-ftpd-patch.tgz package, you should bring the system into runlevel 1 and run installpkg on it: # telinit 1 # installpkg wu-ftpd-patch.tgz # telinit 3 Remember, it's also a good idea to backup configuration files before upgrading packages. - - Slackware Linux Security Team The Slackware Linux Project -----BEGIN PGP SIGNATURE-----Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOVollsngd47OM+yTEQIZsgCffHR0j80zHs9sl79XyZBtwBULuNsAn3mY tce8IvTDwbIul0DIFAbkees1 =mLB4 -----END PGP SIGNATURE----- . Critical alert regarding wu-ftpd identifies a flaw that allows unauthorized external access, resulting in potential takeover of your server.. Slackware Security, FTP Security Update, Remote Access Fix. . Severity: Critical. LinuxSecurity.com Team
Jul 06, 2020
•Critical
Slackware
91
security advisoryGentoohigh severityGentoo: GLSA-200409-19 High: Heimdal FTP Remote Code Execution
Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200409-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Heimdal: ftpd root escalation Date: September 16, 2004 Bugs: #61412 ID: 200409-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges. Background ========= Heimdal is an implementation of Kerberos 5. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/heimdal < 0.6.3 > = 0.6.3 Description ========== Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution Center (KDC) has been fixed in this version. Impact ===== A remote attacker could be able to run arbitrary code with escalated privileges, which can result in a total compromise of the server. Workaround ========= There is no known workaround at this time. Resolution ========= All Heimdal users should upgrade to the latest version: # emerge sync # emerge -pv "> =app-crypt/heimdal-0.6.3" # emerge "> =app-crypt/heimdal-0.6.3" References ========= [ 1 ] Heimdal advisory [ 2 ] Advisory by Przemyslaw Frasunek [ 3 ] CAN-2004-0794 https://www.cve.org/CVERecord?id=CVE-CAN-2004-0794 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200409-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Sep 16, 2004
Gentoo
98
security advisoryRed HatupdateRed Hat 9: RHSA-2003:084-01 Critical: vsftpd Tcp_Wrappers Issue
The vsftpd FTP daemon switched from being run by xinetd to being run as a standalone service. In doing so, it was accidentally not compiled against tcp_wrappers.. ` --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated vsftpd packages re-enable tcp_wrappers support Advisory ID: RHSA-2003:084-01 Issue date: 2003-04-01 Updated on: 2003-04-01 Product: Red Hat Linux Keywords: vsftpd tcp_wrappersCross references: Obsoletes: CVE Names: CAN-2003-0135 --------------------------------------------------------------------- 1. Topic: Updated vsftpd packages that re-enable tcp_wrappers support are available for Red Hat Linux 9. 2. Relevant releases/architectures: Red Hat Linux 9 - i386 3. Problem description: In Red Hat Linux 9, the vsftpd FTP daemon switched from being run by xinetd to being run as a standalone service. In doing so, it was accidentally not compiled against tcp_wrappers. Users of vsftpd who make use of tcp_wrappers features are advised to upgrade to these errata packages. This issue only affects Red Hat Linux 9 boxed sets manufactured for distribution within the United States. The part numbers, which can be found on the bottom flap of the box, are RHF0120US and RHF0121US. Copies of Red Hat Linux 9 obtained through other means (such as from Red Hat Network, FTP, or international boxed sets) already contain the packages referenced by this erratum, and are not vulnerable to this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if yourcurrent directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. RPMs required: Red Hat Linux 9: SRPMS: i386: 6. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 31bf5c2e87909c74f8ad9e76b2e46fea 9/en/os/SRPMS/vsftpd-1.1.3-8.src.rpm d2e807f808c45407f08528f50d29933b 9/en/os/i386/vsftpd-1.1.3-8.i386.rpm These packages are GPG signed by Red Hat for security. Our key is available at All Red Hat products You can verify each package with the following command: rpm --checksig -v If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: md5sum 7. References: CVE -CVE-2003-0135 8. Contact: The Red Hat security contact is . More contact details at All Red Hat products Copyright 2003 Red Hat, Inc. _______________________________________________ Red Hat-watch-list mailing list To unsubscribe, visit: `. The latest vsftpd updates reinstate tcp_wrappers capabilities, effectively addressing major security issues highlighted in the Red Hat Advisory.. vsftpd support,tcp_wrappers threat,Red Hat advisory,FTP daemon security. . Severity: Critical. LinuxSecurity.com Team
Apr 01, 2003
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!