[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1974-1] proftpd-dfsg security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : proftpd-dfsg
Version        : 1.3.5e+r1.3.5-2+deb8u4
CVE ID         : CVE-2019-18217


An issue has been found in proftp-dfsg, a versatile, virtual-hosting FTP daemon.

Due to incorrect handling of overly long commands, a remote unauthenticated user could trigger a denial-of-service by reaching an
endless loop.


For Debian 8 "Jessie", this problem has been fixed in version
1.3.5e+r1.3.5-2+deb8u4.

We recommend that you upgrade your proftpd-dfsg packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl214NpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEc+dA/6AjjiQiO2KbpQzN926eELVrwWkgOEsR4eHwq23ozEccJsgLz8ueYH/Huc
Sj2SYBLdGeuCj2mMDfRMXTnfZUK90uTtQiakvlrIBXbym1/ZShhWTz8rwQGMnxZF
nEMyg8BsZCCBKJ2unOIfGglJa8J/iVAQllJ+jEoJIhHpXOmfp7ZwJdw+6SYJjMKe
Hy+5xQa90mkwLeg7+10kNT3OFLnJJHd44w4eyj2BdzmyXt2zgIVeK4vsySSkIO6Z
P/9iL1rjMX6Eld/SDCl3U8iWz7Q8QW69d57O8Li3VkuB2QWnrsS9UWCp1JhFOC/i
bR4Rg1qAxWHhIzds0VMhrOngErStqf75SWtSZSvRo4YaSwbxEoe65VxLJk/dl14I
cIoTmTmStXumxiiQ0dyqofGyVSqgam9mpRSl68GbQC84JWLubcRVGlxwj1L2LKA7
UuJjP8wspc4EArkTy5NoVwUTGkqxr6PaieFk7m8yCDXpTlM1DDl5lQNp4pr66/8v
NZRDRPl9yJcjjxOtrDnYyGE0cYNACS85ab5ZWFGUWhEJ4D5Q9TwrjbUMPOuJeluy
JnOjAI7AkzGNvda/wz55dhOmkP1uVFuQaygiASuAp9bJ4z5IwcBk4adA9OIrwLlb
a2/WIJ7mKoZZZdH89piMzVlsSMezucyazYu1XN0OEdxoQpMcbmc=
=XHOW
-----END PGP SIGNATURE-----


Reply to: