-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1376
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1376
2004-06-10
- ---------------------------------------------------------------------

Name        : wu-ftpd
Version 7.3 : 2.6.2-15.7x.legacy
Summary     : An FTP daemon provided by Washington University.
Description :
The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol)
server daemon. The FTP protocol is a method of transferring files
between machines on a network and/or over the Internet. Wu-ftpd's
features include logging of transfers, logging of commands, on the fly
compression and archiving, classification of users' type and location,
per class limits, per directory upload permissions, restricted guest
accounts, system wide and per directory messages, directory alias,
cdpath, filename filter, and virtual host support.

- ---------------------------------------------------------------------
Update Information:

CAN-1999-0997: wu-ftp with FTP conversion enabled allows an attacker to
execute commands via a malformed file name that is interpreted as an
argument to the program that does the conversion, e.g. tar or
uncompress.

CAN-2004-0148: wu-ftpd 2.6.2 and earlier, with the restricted-gid option
enabled, allows local users to bypass access restrictions by changing
the permissions to prevent access to their home directory, which causes
wu-ftpd to use the root directory instead.

CAN-2004-0185: Buffer overflow in the skey_challenge function in ftpd.c
for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a
denial of service and possibly execute arbitrary code via a s/key (SKEY)
request with a long name.

This build fixes a missing build requirement.

- ---------------------------------------------------------------------
Changelog:

7.3:
* Fri Jun 04 2004 John Dalbec <jpdalbec@xxxxxxx> 2.6.2-15.7x.legacy
- - Added pam-devel to buildreqs
- - Added bugfix patch to reopen syslog after calling PAM
- - Added bugfix patch to fix active-mode SSL data connections

* Mon May 31 2004 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> 2.6.2-14.legacy.7x
- - Added byacc to buildreqs

* Sat May 22 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 2.6.2-13.legacy.7x
- - bugfix release CAN-1999-0997 ftp conversions
- - CAN-2004-0148 escape from home
- - CAN-2004-0185 skeychallenge

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/

5b50aa3a91d8bb30aa860ac05ca7b2ea60f91c05  7.3/updates-testing/SRPMS/wu-ftpd-2.6.2-15.7x.legacy.src.rpm
6215a42cadf71683e87a4b7ffa54fd7b37d106a9  7.3/updates-testing/i386/wu-ftpd-2.6.2-15.7x.legacy.i386.rpm

Please note that this update is also available via yum and apt through
the updates-testing channel. Many people find this an easier way to
apply updates.
- ---------------------------------------------------------------------

- --
Jesse Keating RHCE      (http://geek.j2solutions.net)
Fedora Legacy Team      (http://www.fedoralegacy.org)
GPG Public Key          (http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyRb94v2HLvE71NURAlGCAJ0R32vZVeIC0dbLvksP9VkL2RttYgCgidlw
ge3hz5viWLaAXYCWrLJHYZg=
=82lO
-----END PGP SIGNATURE-----

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list
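
One way to check downloaded packages against the SHA1 sums listed in the notification above, as an added example that is not part of the original message or of Fedora Legacy's tooling. It assumes the notification is saved to a file with one "checksum path" line per package, as originally mailed; the helper name `verify_advisory_sums` is hypothetical.

```sh
#!/bin/sh
# Added example, not part of the original notification.
# verify_advisory_sums ADVISORY_FILE PACKAGE_DIR   (hypothetical helper name)
# Reads "<40-hex SHA1> <path>.rpm" lines from a saved copy of the notification
# and checks each digest against the file of the same basename in PACKAGE_DIR.
# Returns 0 only if at least one package is listed and every one matches.
verify_advisory_sums() {
    advisory=$1
    pkgdir=$2
    checked=0
    failed=0
    while read -r want path _rest || [ -n "$want" ]; do
        # Skip everything that is not a checksum line (headers, changelog,
        # dash-escaped PGP lines, signature block).
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 40 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac

        checked=$((checked + 1))
        name=${path##*/}
        if [ ! -f "$pkgdir/$name" ]; then
            echo "MISSING  $name"
            failed=$((failed + 1))
            continue
        fi
        # Normalise case so an upper-case digest in the notice still compares.
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        got=$(sha1sum -- "$pkgdir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            failed=$((failed + 1))
        fi
    done < "$advisory"
    # A notice with no checksum lines must not count as a pass.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Check the notification's PGP signature with `gpg --verify` before trusting the checksums it lists.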