A security flaw has been identified in the ProFTPD software package. ProFTPD is a free server that enables secure and simple exchange of data over a network using the FTP protocol. The flaw is an integer overflow in the "mod_sftp" module. A remote, malicious user can exploit it to carry out a denial-of-service (DoS) attack by means of a maliciously crafted SSH message. Since an upgrade that fixes the flaw is available, users are advised to apply it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  proftpd (SSA:2011-095-01)

New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, and -current to fix security issues.


Here are the details from the Slackware 13.1 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.3e-i486-1_slack13.1.txz:  Upgraded.
  Fixes CVE-2011-1137 (badly formed SSH messages cause DoS).
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1137
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/proftpd-1.3.3e-i486-1_slack11.0.tgz

Updated package for Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/proftpd-1.3.3e-i486-1_slack12.0.tgz

Updated package for Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/proftpd-1.3.3e-i486-1_slack12.1.tgz

Updated package for Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/proftpd-1.3.3e-i486-1_slack12.2.tgz

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/proftpd-1.3.3e-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/proftpd-1.3.3e-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/proftpd-1.3.3e-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/proftpd-1.3.3e-x86_64-1_slack13.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/proftpd-1.3.3e-i486-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/proftpd-1.3.3e-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 11.0 package:
611648699297448e3c24921baa16e18f  proftpd-1.3.3e-i486-1_slack11.0.tgz

Slackware 12.0 package:
9d98fa835edce4d1bdd73b497883524c  proftpd-1.3.3e-i486-1_slack12.0.tgz

Slackware 12.1 package:
0c4c1b845099e1bd170d3e851b6af4e8  proftpd-1.3.3e-i486-1_slack12.1.tgz

Slackware 12.2 package:
c13a88d18c9587596107aec43ceb786d  proftpd-1.3.3e-i486-1_slack12.2.tgz

Slackware 13.0 package:
e757e64ca202459bac2bdddb2df1a9d6  proftpd-1.3.3e-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
df4fd128247587acd7c75bda5a6872e3  proftpd-1.3.3e-x86_64-1_slack13.0.txz

Slackware 13.1 package:
ca55c7fea4ccc22527f3ecbb7f4372bd  proftpd-1.3.3e-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
7294cefe2eab238a1510c8b1c6bcfc44  proftpd-1.3.3e-x86_64-1_slack13.1.txz

Slackware -current package:
2c84aa21ce52513bac0f9c56b658c1b3  n/proftpd-1.3.3e-i486-1.txz

Slackware x86_64 -current package:
2b0c02926c5f0f2a3abebfd67ac2720e  n/proftpd-1.3.3e-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg proftpd-1.3.3e-i486-1_slack13.1.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to [address hidden by the site] with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk2apYEACgkQakRjwEAQIjPvTwCfUHcTrAEbQmkvFzqNi6hgnKn5
YMYAoI7OluZlnX6L91EYvVXv2CNetlPf
=evdm
-----END PGP SIGNATURE-----
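
The advisory lists one MD5 per package and then tells you to run upgradepkg as root; the sketch below is an added example, not part of the Slackware advisory, showing a check of the downloaded file against that list before the upgrade. The function names `expected_md5` and `verify_pkg` are hypothetical, and it assumes the advisory text has been saved to a file and that `md5sum` is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to upgrade unless the
# downloaded package matches the MD5 the advisory lists for it.

# expected_md5 ADVISORY PKGNAME
# Prints the MD5 listed for PKGNAME; exits non-zero if it is not listed.
expected_md5() {
    awk -v name="$2" '
        # md5sum-style line: <32 hex digits>  <path>
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            # -current entries carry a directory prefix such as "n/"
            n = split($2, parts, "/")
            if (parts[n] == name) { print $1; found = 1; exit }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# verify_pkg ADVISORY PKGFILE
# Returns 0 on match, 1 on mismatch, 2 if the file is missing,
# 3 if the advisory does not list the package.
verify_pkg() {
    advisory=$1
    pkg=$2
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    want=$(expected_md5 "$advisory" "$(basename "$pkg")") || {
        echo "not listed in advisory: $pkg" >&2
        return 3
    }
    got=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $pkg"
    else
        echo "MISMATCH: $pkg (want $want, got $got)" >&2
        return 1
    fi
}

# Usage (as root, with the advisory saved as advisory.txt):
#   verify_pkg advisory.txt proftpd-1.3.3e-i486-1_slack13.1.txz \
#       && upgradepkg proftpd-1.3.3e-i486-1_slack13.1.txz
```

The MD5 list is only as trustworthy as the advisory carrying it, so verify the advisory's PGP signature first; the MD5 comparison then catches a corrupted or substituted download.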
