Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 584
Alerts This Week
Warning Icon 1 584

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 89 articles for you...
89

Fedora 43 ProFTPD Urgent Buffer Overflow Resolution 2026-75a8969e55

Cumulative bug-fix update, including several buffer overflow fixes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-75a8969e55 2026-07-18 00:27:50.464547+00:00 -------------------------------------------------------------------------------- Name : proftpd Product : Fedora 43 Version : 1.3.9c Release : 1.fc43 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. -------------------------------------------------------------------------------- Update Information: Cumulative bug-fix update, including several buffer overflow fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Paul Howarth - 1.3.9c-1 - Update to 1.3.9c - ExecEnviron values not passed due to regression since 1.3.8.d (GH#2135) - Stack buffer overflow in MLSD/MLST handling for long path names (GH#2146) - MaxTransfersPerUser no longer enforces configured limits (GH#2158) - AdminControlsACLs for config, get actions not honored as they should be (GH#2163) - Memcached/Redis-cached JSON TLS session/OCSP entries decoded into fixed buffers without bounds checking (GH#2166) - RewriteMap unescape builtin use causes one-byte out-of-bounds write, fails to reject illegal characters (GH#2173) - SQL group name lookup concatenates client-provided group names without escaping (GH#2188) - Authenticated SFTP sessions can overflowthe SFTP packet buffer (GH#2190) - Default Controls socket ACLs unintentionally allow all users access for sending Controls requests (GH#2210) * Fri Jun 12 2026 Yaakov Selkowitz - 1.3.9b-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-75a8969e55' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 43 addresses buffer overflows in ProFTPD with several important fixes.. proftpd fix buffer overflow Fedora update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Critical Fedora
89

Fedora 44 proftpd Important Buffer Overflow Fix 2026-2f95481529

Cumulative bug-fix update, including several buffer overflow fixes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-2f95481529 2026-07-18 00:26:14.272998+00:00 -------------------------------------------------------------------------------- Name : proftpd Product : Fedora 44 Version : 1.3.9c Release : 1.fc44 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. -------------------------------------------------------------------------------- Update Information: Cumulative bug-fix update, including several buffer overflow fixes. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 8 2026 Paul Howarth - 1.3.9c-1 - Update to 1.3.9c - ExecEnviron values not passed due to regression since 1.3.8.d (GH#2135) - Stack buffer overflow in MLSD/MLST handling for long path names (GH#2146) - MaxTransfersPerUser no longer enforces configured limits (GH#2158) - AdminControlsACLs for config, get actions not honored as they should be (GH#2163) - Memcached/Redis-cached JSON TLS session/OCSP entries decoded into fixed buffers without bounds checking (GH#2166) - RewriteMap unescape builtin use causes one-byte out-of-bounds write, fails to reject illegal characters (GH#2173) - SQL group name lookup concatenates client-provided group names without escaping (GH#2188) - Authenticated SFTP sessions can overflowthe SFTP packet buffer (GH#2190) - Default Controls socket ACLs unintentionally allow all users access for sending Controls requests (GH#2210) * Fri Jun 12 2026 Yaakov Selkowitz - 1.3.9b-2 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2f95481529' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Cumulative update for proftpd in Fedora 44 includes essential bug fixes for buffer overflows and security enhancements.. proftpd update,Fedora 44,buffer overflow fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 17, 2026 Important Fedora
99

Slackware proftpd Critical Stack Overflow Advisory 2026-189-02

New proftpd packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2026-189-02) New proftpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/proftpd-1.3.9c-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: ExecEnviron values not passed due to regression since 1.3.8.d. Stack buffer overflow in MLSD/MLST handling for long path names. MaxTransfersPerUser no longer enforces configured limits. AdminControlsACLs for config, get actions not honored as they should be. Memcached/Redis-cached JSON TLS session/OCSP entries decoded into fixed buffers without bounds checking. RewriteMap unescape builtin use causes one-byte out-of-bounds write, fails to reject illegal characters. SQL group name lookup concatenates client-provided group names without escaping. Authenticated SFTP sessions can overflow the SFTP packet buffer. Default Controls socket ACLs unintentionally allow all users access for sending Controls requests. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/proftpd-1.3.9c-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/proftpd-1.3.9c-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.9c-i686-1.txz Updated package for Slackware x86_64-current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.9c-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 5e957bcf4abf13fc957520d6987eb954 proftpd-1.3.9c-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 7506a63751fc4996465a2c83e9174eae proftpd-1.3.9c-x86_64-1_slack15.0.txz Slackware -current package: eb1aa81c4db3a984dc39f9e75438e067 n/proftpd-1.3.9c-i686-1.txz Slackware x86_64 -current package: d28ec7ff480ab4121deb30c59c73e9ca n/proftpd-1.3.9c-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg proftpd-1.3.9c-i586-1_slack15.0.txz +-----+ . Upgrade to the latest proftpd package for Slackware to address significant security issues and bugs in the software.. proftpd security issues, Slackware package updates, buffer overflow fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 08, 2026 Critical Slackware
203

Mageia 9 ProFTPD Critical SQL Injection Remote Code Exec 2026-0200

Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0200.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-42167, CVE-2026-44331 Description: CVE-2026-42167 mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM). CVE-2026-44331 a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. The character restrictions of DNS names may affect References: - https://bugs.mageia.org/show_bug.cgi?id=35445 - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/BEM6GPOFEILUHBP4D2KWIUHVXL5546WE/ - https://www.cve.org/CVERecord?id=CVE-2026-42167 - https://www.cve.org/CVERecord?id=CVE-2026-44331 SRPMS: - 9/core/proftpd-1.3.8c-1.2.mga9 . Explore a critical security update for ProFTPD in Mageia to mitigate SQL injection risks and remote code execution.. Mageia security advisory, ProFTPD SQL injection, Mageia vulnerabilities, ProFTPD security update. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 12, 2026 Critical Mageia
202

openSUSE ProFTPD Important Null Pointer Access Control CVE-2024-48651

An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for proftpd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0315-1 Rating: important References: #1233997 #1236889 Cross-References: CVE-2024-48651 CVE-2024-57392 CVSS scores: CVE-2024-48651 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2024-57392 (SUSE): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for proftpd fixes the following issues: - CVE-2024-57392: Null pointer dereference vulnerability by sending a maliciously crafted message (boo#1236889). - CVE-2024-48651: Supplemental group inheritance grants unintended access to GID 0 (boo#1233997). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP7: zypper in -t patch openSUSE-2025-315=1 - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2025-315=1 Package List: - openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64): proftpd-1.3.8d-bp157.2.3.1 proftpd-debuginfo-1.3.8d-bp157.2.3.1 proftpd-debugsource-1.3.8d-bp157.2.3.1 proftpd-devel-1.3.8d-bp157.2.3.1 proftpd-doc-1.3.8d-bp157.2.3.1 proftpd-ldap-1.3.8d-bp157.2.3.1 proftpd-ldap-debuginfo-1.3.8d-bp157.2.3.1 proftpd-mysql-1.3.8d-bp157.2.3.1 proftpd-mysql-debuginfo-1.3.8d-bp157.2.3.1 proftpd-pgsql-1.3.8d-bp157.2.3.1 proftpd-pgsql-debuginfo-1.3.8d-bp157.2.3.1 proftpd-radius-1.3.8d-bp157.2.3.1 proftpd-radius-debuginfo-1.3.8d-bp157.2.3.1 proftpd-sqlite-1.3.8d-bp157.2.3.1 proftpd-sqlite-debuginfo-1.3.8d-bp157.2.3.1 - openSUSE Backports SLE-15-SP7 (noarch): proftpd-lang-1.3.8d-bp157.2.3.1 - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): proftpd-1.3.8d-bp156.2.6.1 proftpd-devel-1.3.8d-bp156.2.6.1 proftpd-doc-1.3.8d-bp156.2.6.1 proftpd-ldap-1.3.8d-bp156.2.6.1 proftpd-mysql-1.3.8d-bp156.2.6.1 proftpd-pgsql-1.3.8d-bp156.2.6.1 proftpd-radius-1.3.8d-bp156.2.6.1 proftpd-sqlite-1.3.8d-bp156.2.6.1 - openSUSE Backports SLE-15-SP6 (noarch): proftpd-lang-1.3.8d-bp156.2.6.1 References: https://www.suse.com/security/cve/CVE-2024-48651.html https://www.suse.com/security/cve/CVE-2024-57392.html https://bugzilla.suse.com/1233997 https://bugzilla.suse.com/1236889 . An important security update for proftpd addresses two vulnerabilities affecting openSUSE. Apply updates to mitigate risks.. openSUSE proftpd security patch update vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 11, 2026 Important OpenSUSE
99

Slackware advises on ProFTPD - SSA-2026-154-03 SQL Vulnerability issue

New proftpd packages are available for Slackware 15.0 and -current to fix a security issue.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] proftpd (SSA:2026-154-03) New proftpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/proftpd-1.3.9b-i586-1_slack15.0.txz: Upgraded. This update fixes a security issue: Additional fixes for SQL injection, notably for handling `%{env:...}` and `%{note:...}` variables. For more information, see: https://www.cve.org/CVERecord?id=CVE-2026-42167 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/proftpd-1.3.9b-i586-1_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/proftpd-1.3.9b-x86_64-1_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.9b-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.9b-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: c1fb9d4ddf43f8619964b363c010e157 proftpd-1.3.9b-i586-1_slack15.0.txz Slackware x86_64 15.0 package: 414ccbd2e9faee806d141bf5c488cdc3 proftpd-1.3.9b-x86_64-1_slack15.0.txz Slackware -current package: 432397c14bc54c0ffd6af3f1f54da8af n/proftpd-1.3.9b-i686-1.txz Slackware x86_64 -current package: 264fbc075d665f23b1c93b652fdbec15 n/proftpd-1.3.9b-x86_64-1.txz Installationinstructions: +------------------------+ Upgrade the package as root: # upgradepkg proftpd-1.3.9b-i586-1_slack15.0.txz +-----+ . Critical proftpd update for Slackware 15.0 fixes SQL injection security issue. Immediate upgrade recommended.. proftpd update security slackware SQL injection exploit resolution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 03, 2026 Critical Slackware
89

Fedora 43 proftpd Significant SQL Injection Issue 2026-4ddb108952

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-4ddb108952 2026-05-21 01:26:51.960444+00:00 -------------------------------------------------------------------------------- Name : proftpd Product : Fedora 43 Version : 1.3.9a Release : 2.fc43 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. -------------------------------------------------------------------------------- Update Information: This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Paul Howarth - 1.3.9a-2 - Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a - Fix for SQL Injection inmod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2466899 - CVE-2026-44331 proftpd: SQL injection via reverse DNS hostname [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466899 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-4ddb108952' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 proftpd update addresses SQL injection through reverse DNS records vulnerability with advisory 2026-4ddb108952.. proftpd security update, Fedora 43 vulnerability, SQL injection advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 21, 2026 Important Fedora
89

Fedora 44 ProFTPD Important SQL Injection Threat Advisory 2026-871243b391

This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-871243b391 2026-05-21 00:54:04.884676+00:00 -------------------------------------------------------------------------------- Name : proftpd Product : Fedora 44 Version : 1.3.9a Release : 2.fc44 URL : http://www.proftpd.org/ Summary : Flexible, stable and highly-configurable FTP server Description : ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This package defaults to the standalone behavior of ProFTPD, but all the needed scripts to have it run by systemd instead are included. -------------------------------------------------------------------------------- Update Information: This update contains an updated mod_wrap2_sql that addresses a potential SQL injection issue when connected to from a client with a maliciously-constructed reverse DNS record (CVE-2026-44331). Note that mod_wrap2_sql is not enabled by default and the issue can only happen if UseReverseDNS is enabled, which is also off by default. -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2026 Paul Howarth - 1.3.9a-2 - Additional escaping for avoidance of SQL injection issues with %{note:...} and %{env:...}; these are on top of the existing fix for CVE-2026-42167 in 1.3.9a - Fix for SQL Injection inmod_wrap2_sql via reverse DNS hostname (CVE-2026-44331, rhbz#2466899, https://github.com/proftpd/proftpd/issues/2057) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2466899 - CVE-2026-44331 proftpd: SQL injection via reverse DNS hostname [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2466899 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-871243b391' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update for Fedora 44 addresses a critical SQL injection issue in ProFTPD, enhancing security against attacks.. SQL Injection ProFTPD Update, Fedora 44 Security, mod_wrap2_sql Patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 21, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200