[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4635-1] proftpd-dfsg security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4635-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 26, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : proftpd-dfsg
CVE ID         : CVE-2020-9273
Debian Bug     : 951800

Antonio Morales discovered an user-after-free flaw in the memory pool
allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server.
Interrupting current data transfers can corrupt the ProFTPD memory pool,
leading to denial of service, or potentially the execution of arbitrary
code.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.3.5b-4+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 1.3.6-4+deb10u4.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5W9SVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QtFhAAmyPdXWZvQztGTqvZrGRIUgQ9pklUva9IFsuBt5pLwHdWPRn1VvUGgKX4
aIQHZvvg/5hmsZv4C5nh8FMdU6MDa87rMO86oJYjQSimAmi16L3ydWgoa8OfQ3kj
5Z+4+yU1Mum00Su5Gw0qXozkHbTcRvMvr4fNcMcjXku9nUxTrz9bwb+bYSqRRq7K
7IEqTTLyrq/a8pHBvBz86+Zn0nvOqQTnGW0O3vQORO4+dMUBoL5DRCC9B3eK3NfB
hNcSUuC1aChqiLTlik0hmuwK5UxyPdSDn56jAFA3aBS0ArNp5lUCim/WbuAFDGy+
jy2kwYj2dlcvV/h7larptqbMTw3mkymv4sgWVjE9FcuwuqYDtcFZo8oTd2/pqyZC
zVUgcihwPTGdtPd2yYGzyPcyi2OrlVYCcWxpDf1ePRV5bRVTF4PA5uHvBjtFb6vr
YLcZkkcLSCpVMB3rP8eWlUp5tSbqCAt7l2wr6Zy9Ul4PNXTtGS9IX1y456mZlZLP
p3Oip8KHbmcH85WjJBw2HN6ECb8CJYKleCTbP9CoZBGBaBc48Qg/mAhi98cvX58b
Z9BAM1duW3JDAbx7yV1CXpaDaXLfkv71aPv/CqZC4TIi0htMHWjysLMtt/9b8hR4
oiz7HILVWGjvaIzGScEqOK3XumvHz5XDG2LmwcPVJ0oWCGQVfRI=
=pzZt
-----END PGP SIGNATURE-----


Reply to: