

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



[slackware-security] proftpd (SSA:2017-112-03)



New proftpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,

14.2, and -current to fix security issues.





Here are the details from the Slackware 14.2 ChangeLog:

+--------------------------+

patches/packages/proftpd-1.3.5e-i586-1_slack14.2.txz: Upgraded.

This release fixes a security issue:

AllowChrootSymlinks off does not check entire DefaultRoot path for symlinks.

For more information, see:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7418

(* Security fix *)

+--------------------------+





Where to find the new packages:

+-----------------------------+



Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)



Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.



Updated package for Slackware 13.0:

proftpd-1.3.5e-i486-1_slack13.0.txz



Updated package for Slackware x86_64 13.0:

proftpd-1.3.5e-x86_64-1_slack13.0.txz



Updated package for Slackware 13.1:

proftpd-1.3.5e-i486-1_slack13.1.txz



Updated package for Slackware x86_64 13.1:

proftpd-1.3.5e-x86_64-1_slack13.1.txz



Updated package for Slackware 13.37:

proftpd-1.3.5e-i486-1_slack13.37.txz



Updated package for Slackware x86_64 13.37:

proftpd-1.3.5e-x86_64-1_slack13.37.txz



Updated package for Slackware 14.0:

proftpd-1.3.5e-i486-1_slack14.0.txz



Updated package for Slackware x86_64 14.0:

proftpd-1.3.5e-x86_64-1_slack14.0.txz



Updated package for Slackware 14.1:

proftpd-1.3.5e-i486-1_slack14.1.txz



Updated package for Slackware x86_64 14.1:

proftpd-1.3.5e-x86_64-1_slack14.1.txz



Updated package for Slackware 14.2:

proftpd-1.3.5e-i586-1_slack14.2.txz



Updated package for Slackware x86_64 14.2:

proftpd-1.3.5e-x86_64-1_slack14.2.txz



Updated package for Slackware -current:

proftpd-1.3.6-i586-1.txz



Updated package for Slackware x86_64 -current:

proftpd-1.3.6-x86_64-1.txz





MD5 signatures:

+-------------+



Slackware 13.0 package:

29fac5225474d7067f752356e3da5a19 proftpd-1.3.5e-i486-1_slack13.0.txz



Slackware x86_64 13.0 package:

2b2c93e021670a9d03344ddfa28c8f72 proftpd-1.3.5e-x86_64-1_slack13.0.txz



Slackware 13.1 package:

ad63b548c174417ff0783c1206557049 proftpd-1.3.5e-i486-1_slack13.1.txz



Slackware x86_64 13.1 package:

8e96161f5a60b7f4b12a4d05fc66b108 proftpd-1.3.5e-x86_64-1_slack13.1.txz



Slackware 13.37 package:

ee0a7aee737cd3b348c75c3a4be4480f proftpd-1.3.5e-i486-1_slack13.37.txz



Slackware x86_64 13.37 package:

b02e14a5d3f0fd2ecbac46926b7b7af2 proftpd-1.3.5e-x86_64-1_slack13.37.txz



Slackware 14.0 package:

3f7c345f620b44324dc587357403c062 proftpd-1.3.5e-i486-1_slack14.0.txz



Slackware x86_64 14.0 package:

7631ac1d122b0f0cb2e7fad424851e19 proftpd-1.3.5e-x86_64-1_slack14.0.txz



Slackware 14.1 package:

7608c56fe55109efbea7e99f8dcbef52 proftpd-1.3.5e-i486-1_slack14.1.txz



Slackware x86_64 14.1 package:

ce1c02de624381d2b9811d78cb54edf8 proftpd-1.3.5e-x86_64-1_slack14.1.txz



Slackware 14.2 package:

457000b30dd692332ec9ab122743f769 proftpd-1.3.5e-i586-1_slack14.2.txz



Slackware x86_64 14.2 package:

bbd36fe6b194c63e1d9e6a8393704586 proftpd-1.3.5e-x86_64-1_slack14.2.txz



Slackware -current package:

0399494a18f2ecfbfe81a0e301ed4064 n/proftpd-1.3.6-i586-1.txz



Slackware x86_64 -current package:

bbfafeb1b6ed34f1c610715405923e5f n/proftpd-1.3.6-x86_64-1.txz





Installation instructions:

+------------------------+



Upgrade the package as root:

# upgradepkg proftpd-1.3.5e-i586-1_slack14.2.txz





+-----+



Slackware Linux Security Team

http://slackware.com/gpg-key

security@slackware.com



-----BEGIN PGP SIGNATURE-----



iEYEARECAAYFAlj7hzgACgkQakRjwEAQIjNwvwCcCgFud4425Bi0FFxgNW02At0Y

KN8AoJGlptZcMqFE4FuEwSpSTc0tdsBn

=IsVE

-----END PGP SIGNATURE-----

