Debian FTP Security Update
-----BEGIN PGP SIGNED MESSAGE-----
A security problem has been found in proftpd and wu-ftpd-academ. It
allows, once logged in, to potentially execute commands as root. This
is the Palmetto bug reported by Netect, and should be fixed as soon as
possible. (http://www.netect.com/advisory_0209.html)
Debian 2.0
- --------
PROFTPD:
i386:
wget http://netgod.net/debian/security/proftpd_1.2.0pre1-2_i386.deb
dpkg --install proftpd_1.2.0pre1-2_i386.deb
m68k:
wget http://netgod.net/debian/security/proftpd_1.2.0pre1-2_m68k.deb
dpkg --install proftpd_1.2.0pre1-2_m68k.deb
WU-FTPD:
i386:
wget http://netgod.net/debian/security/wu-ftpd-academ_2.4.2.16-12.2_i386.deb
dpkg --install wu-ftpd-academ_2.4.2.16-12.2_i386.deb
Debian 2.1 Beta
- -------------
The "slink" and "potato" releases already include a secure proftpd
1.2.0pre1-1. For wu-ftpd download and install the package above.
These packages will be in place for regular dselect and APT upgrades
by tomorrow.
The wu-ftpd package above includes the security patch from Olaf Kirch.
The proftpd package is source from Flood's CVS which includes the
patch at ftp.proftpd.org. Thanks to Jordan Ritter of Netect for
detailing this bug, and to these authors for fixing it.
6fa9921e694972015d4e3d34184c4f2b proftpd_1.2.0pre1-2_i386.deb
52053f8b9f348ff1929db91951cf394f proftpd_1.2.0pre1-2_m68k.deb
b851adb345917a6f92e8b03f8cc97ff2 wu-ftpd-academ_2.4.2.16-12.2_i386.deb
- --------------------- PGP E4 70 6E 59 80 6A F5 78 63 32 BC FB 7A 08 53 4C
__ _ Debian GNU Johnie Ingram <johnie@netgod.net> mm mm
/ /(_)_ __ _ ___ __ www.netgod.net irc.debian.org mm mm
/ / | | '_ \| | | \ \/ / m m m
/ /__| | | | | |_| |> < World Domination, of course. mm mm
\____/_|_| |_|\__,_/_/\_\ And scantily clad females. GO BLUE
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: latin1
iQCVAwUBNsGvuhCswmGWXGp9AQGcIgP/TRm5zWAfqk3hjO1ahilo7XfVFltMd33G
Kd+QkJ1TzWb1He9KArG1ZZeUoLDBk6f7pCk2ox7p+fAuXfLUC2F11VD+JYUgHhGy
ySbp5mM+A9XzCCb7WkIpKdkiTbkA2UErpumfM2tUAvf1AVNNvAmM/elfZpcrT/9C
hDJeTEf1n18=
=ssG1
-----END PGP SIGNATURE-----
Reply to: