drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in vsftpd
Name: |
Pufferüberlauf in vsftpd |
|
ID: |
SSA:2012-041-05 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware x86_64 13.0, Slackware x86_64 -current, Slackware x86_64 13.1, Slackware 13.1, Slackware x86_64 13.37, Slackware 13.37 |
|
Datum: |
Sa, 11. Februar 2012, 09:50 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
vsftpd |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] vsftpd (SSA:2012-041-05)
New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to work around a vulnerability in glibc.
Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/vsftpd-2.3.5-i486-1_slack13.37.txz: Upgraded. Minor version bump, this also works around a hard to trigger heap overflow in glibc (glibc zoneinfo caching vuln). For there to be any possibility to trigger the glibc bug within vsftpd, the non-default option "chroot_local_user" must be set in /etc/vsftpd.conf. Considered 1) low severity (hard to exploit) and 2) not a vsftpd bug :-) Nevertheless: (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 11.0: vsftpd-2.3.5-i486-1_slack11.0.tgz
Updated package for Slackware 12.0: vsftpd-2.3.5-i486-1_slack12.0.tgz
Updated package for Slackware 12.1: vsftpd-2.3.5-i486-1_slack12.1.tgz
Updated package for Slackware 12.2: vsftpd-2.3.5-i486-1_slack12.2.tgz
Updated package for Slackware 13.0: vsftpd-2.3.5-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: vsftpd-2.3.5-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: vsftpd-2.3.5-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: vsftpd-2.3.5-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: vsftpd-2.3.5-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: vsftpd-2.3.5-x86_64-1_slack13.37.txz
Updated package for Slackware -current: vsftpd-2.3.5-i486-1.txz
Updated package for Slackware x86_64 -current: vsftpd-2.3.5-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 11.0 package: 57e7a8e7249e5f7ff256e5089204c1b3 vsftpd-2.3.5-i486-1_slack11.0.tgz
Slackware 12.0 package: f8e31f944896414466de6bf67b4ce6e4 vsftpd-2.3.5-i486-1_slack12.0.tgz
Slackware 12.1 package: e01a5f12f75d2c973a252dee7ccfb90e vsftpd-2.3.5-i486-1_slack12.1.tgz
Slackware 12.2 package: 035bf8ca7f57e9b87cbe1d23bbfa448f vsftpd-2.3.5-i486-1_slack12.2.tgz
Slackware 13.0 package: 4d076b4ab6a1540819ac95daaec66b96 vsftpd-2.3.5-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: aa9be4d90e86c4a12b19c4145e7dbfd9 vsftpd-2.3.5-x86_64-1_slack13.0.txz
Slackware 13.1 package: 496775bb9c50507fd92beb99dd189283 vsftpd-2.3.5-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 3b15394f16c65c7998032a0e5ffb5dd2 vsftpd-2.3.5-x86_64-1_slack13.1.txz
Slackware 13.37 package: 5774d8e93d9af86cf6caa8561205da5d vsftpd-2.3.5-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: a0f2af29cb0c3fb1fc906a3e1bd15fdf vsftpd-2.3.5-x86_64-1_slack13.37.txz
Slackware -current package: e30ad11db30ef7d745ec15b3d5e6d9b2 n/vsftpd-2.3.5-i486-1.txz
Slackware x86_64 -current package: 0d2e9323eec38bd7dc7bc55ef2dd3639 n/vsftpd-2.3.5-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root: # upgradepkg vsftpd-2.3.5-i486-1_slack13.37.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk81VeEACgkQakRjwEAQIjNjpQCghABEYaIsRmUi+Y6WjKvwirvd A0EAoIfG9+eEC4pmNXlcY7ZS4EQScSGM =VVJw -----END PGP SIGNATURE-----
|
|
|
|