drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Problem beim Parsen von HTML in lftp
Name: |
Problem beim Parsen von HTML in lftp
|
|
ID: |
SSA:2003-346-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 8.1, Slackware 9.0, Slackware 9.1 |
|
Datum: |
So, 14. Dezember 2003, 12:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
lftp |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] lftp security update (SSA:2003-346-01)
lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols.
A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new packages.
Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Fri Dec 12 11:12:05 PST 2003 patches/packages/lftp-2.6.10-i486-1.tgz: Upgraded to lftp-2.6.10. According to the NEWS file, this includes "security fixes in html parsing code" which could cause a compromise when using lftp to access an untrusted site. (* Security fix *) +--------------------------+
WHERE TO FIND THE NEW PACKAGE: +-----------------------------+
Updated package for Slackware 8.1: lftp-2.6.10-i386-1.tgz
Updated package for Slackware 9.0: lftp-2.6.10-i386-1.tgz
Updated package for Slackware 9.1: lftp-2.6.10-i486-1.tgz
Updated package for Slackware -current: lftp-2.6.10-i486-1.tgz
MD5 SIGNATURES: +-------------+
Slackware 8.1 package: 1e7eae2a8279491d439f4494c8733aa2 lftp-2.6.10-i386-1.tgz
Slackware 9.0 package: af80878951917a6683bc3076947f2632 lftp-2.6.10-i386-1.tgz
Slackware 9.1 package: e053a1641f1f16de8d2659e70ca81c04 lftp-2.6.10-i486-1.tgz
Slackware -current package: 07e76203820f54983cbc4591cc830b97 lftp-2.6.10-i486-1.tgz
INSTALLATION INSTRUCTIONS: +------------------------+
Upgrade the package as root: # upgradepkg lftp-2.6.10-i486-1.tgz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/2hdTakRjwEAQIjMRAmHbAKCQtw9UN4ItGNph3ca4CqtfJDZiyACfV5gc 0uX5KSFnwEb2k0tucmkKWzI= =SQlB -----END PGP SIGNATURE-----
|
|
|
|