OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: secureCONECTIVA.COM.BR
Date: Thu Feb 08 2001 - 15:41:09 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT
    - --------------------------------------------------------------------------

    PACKAGE : proftpd
    SUMMARY : Denial of Service
    DATE : 2001-02-08 19:17:00
    ID : CLA-2001:380
    RELEVANT
    RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1, 6.0

    - -------------------------------------------------------------------------

    DESCRIPTION
     "proftpd" is a very popular ftp server.
     Wojciech Purczynski reported two memory leak problems that could be
     used in a DoS attack:
     1) A memoy leak will happen everytime a SIZE command is given,
     provided that the scoreboard file is not writable. The default
     installation is *not* vulnerable to this problem;
     2) A similar problem existed with the USER command. Every USER
     command would cause the server to use more memory.

     Additionally, Przemyslaw Frasunek reported some format string
     vulnerabilities which have been fixed.

    SOLUTION
     It is recommended that all ProFTPd users upgrade to the latest
     packages.

    DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
    ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/4.0/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/4.0es/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0es/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/4.1/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.1/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/4.2/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.2/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/5.0/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.0/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/5.1/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.1/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/6.0/RPMS/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/6.0/RPMS/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/proftpd-1.2.0rc3-1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/proftpd-1.2.0rc3-1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/proftpd-doc-1.2.0rc3-1cl.i386.rpm

    ADDITIONAL INSTRUCTIONS
     Users of Conectiva Linux version 6.0 or higher may use apt to perform
     upgrades:
     - add the following line to /etc/apt/sources.list if it is not there yet
       (you may also use linuxconf to do this):

     rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

     - run: apt-get update
     - after that, execute: apt-get upgrade

     Detailed instructions reagarding the use of apt and upgrade examples
     can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

    - -------------------------------------------------------------------------
    All packages are signed with Conectiva's GPG key. The key and instructions
    on how to import it can be found at
    http://distro.conectiva.com.br/seguranca/chave/?idioma=en
    Instructions on how to check the signatures of the RPM packages can be
    found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

    - -------------------------------------------------------------------------
    All our advisories and generic update instructions can be viewed at
    http://www.conectiva.com.br/suporte/atualizacoes

    - -------------------------------------------------------------------------
    subscribe: conectiva-updates-subscribepapaleguas.conectiva.com.br
    unsubscribe: conectiva-updates-unsubscribepapaleguas.conectiva.com.br
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.4 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE6gxJ042jd0JmAcZARAla9AJ96Oo0rdg48gVWpQk5aGI8LA+YI8wCeOp3j
    p3mfPpPSK0NwfGf3gax7Rxg=
    =tNZB
    -----END PGP SIGNATURE-----