-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1376
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1376
2004-05-31
- ---------------------------------------------------------------------

Name        : wu-ftpd
Version 7.3 : 2.6.2-14.legacy.7x
Summary     : An FTP daemon provided by Washington University.
Description :
The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol)
server daemon. The FTP protocol is a method of transferring files
between machines on a network and/or over the Internet. Wu-ftpd's
features include logging of transfers, logging of commands, on the fly
compression and archiving, classification of users' type and location,
per class limits, per directory upload permissions, restricted guest
accounts, system wide and per directory messages, directory alias,
cdpath, filename filter, and virtual host support.

- ---------------------------------------------------------------------
Update Information:

CAN-1999-0997: wu-ftp with FTP conversion enabled allows an attacker to
execute commands via a malformed file name that is interpreted as an
argument to the program that does the conversion, e.g. tar or
uncompress.

CAN-2004-0148: wu-ftpd 2.6.2 and earlier, with the restricted-gid option
enabled, allows local users to bypass access restrictions by changing
the permissions to prevent access to their home directory, which causes
wu-ftpd to use the root directory instead.

CAN-2004-0185: Buffer overflow in the skey_challenge function in ftpd.c
for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a
denial of service and possibly execute arbitrary code via a s/key (SKEY)
request with a long name.

- ---------------------------------------------------------------------
Changelog:

7.3:
* Mon May 31 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.6.2-14.legacy.7x

- - Added byacc to buildreqs

* Sat May 22 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.6.2-13.legacy.7x

- - bugfix release CAN-1999-0997 ftp conversions
- - CAN-2004-0148 escape from home
- - CAN-2004-0185 skeychallenge

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

4fafbba3bd2a5522d5ad39ad4a1ae742751628d5  7.3/updates-testing/SRPMS/wu-ftpd-2.6.2-14.legacy.7x.src.rpm
8005185d531ffc61f6b749b7a49b4875fbd49e33  7.3/updates-testing/i386/wu-ftpd-2.6.2-14.legacy.7x.i386.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
- ---------------------------------------------------------------------

- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful? Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAu6Yw4v2HLvE71NURAi6RAJ9j5KaQuouyXBv46IV/W0fbAwW+jwCgs7Jz
c53WqsP/T6x8jARsyNTXXGQ=
=Hw8Y
-----END PGP SIGNATURE-----

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
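
Added example (not part of the original advisory or of Fedora Legacy's tooling): a small checker that reads the SHA-1 download list from the advisory text above and compares it with locally downloaded packages. The function names are this example's own, and it assumes the clear-signed advisory has already been checked with gpg --verify, since the checksums are only as trustworthy as that signature.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# "<40-hex SHA-1> <path ending in .rpm>", as in the advisory's download list.
ENTRY = re.compile(r"\b([0-9a-f]{40})\s+(\S+\.rpm)\b")

def parse_checksums(advisory_text):
    """Map each listed package file name to its published SHA-1."""
    return {Path(p).name: h for h, p in ENTRY.findall(advisory_text)}

def sha1_of(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Return {file name: "ok" | "MISMATCH" | "missing"} per listed package."""
    results = {}
    for name, expected in parse_checksums(advisory_text).items():
        candidate = Path(download_dir) / name
        if not candidate.is_file():
            results[name] = "missing"
        elif sha1_of(candidate) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

if __name__ == "__main__":
    # Constructed sample: stand-in files and checksums, not the real packages.
    with tempfile.TemporaryDirectory() as tmp:
        payload = b"constructed stand-in for an rpm payload"
        (Path(tmp) / "demo-1.0.i386.rpm").write_bytes(payload)
        (Path(tmp) / "demo-1.0.src.rpm").write_bytes(b"altered in transit")
        good = hashlib.sha1(payload).hexdigest()
        advisory = (f"{good} 7.3/updates-testing/i386/demo-1.0.i386.rpm\n"
                    f"{'0' * 40} 7.3/updates-testing/SRPMS/demo-1.0.src.rpm\n")
        for name, status in verify_downloads(advisory, tmp).items():
            print(f"{status:9} {name}")
```

A package reported as MISMATCH or missing should be downloaded again and re-checked before it is installed.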