Re: [SECURITY] [DSA 2346-1] proftpd-dfsg security update



Huh - isn't that one already somewhat old?

On 15.11.2011 at 23:32, Kai Moritz wrote:

> Installed...
> 
> On 15.11.2011 21:39, Florian Weimer wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-2346-1                   security@debian.org
>> http://www.debian.org/security/                            Florian Weimer
>> November 15, 2011                      http://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>> 
>> Package        : proftpd-dfsg
>> Vulnerability  : several
>> Problem type   : remote
>> Debian-specific: no
>> CVE ID         : CVE-2011-4130
>> Debian Bug     : 648373
>> 
>> Several vulnerabilities were discovered in ProFTPD, an FTP server:
>> 
>> 	ProFTPD incorrectly uses data from an unencrypted input buffer
>> 	after encryption has been enabled with STARTTLS, an issue
>> 	similar to CVE-2011-0411.
>> 
>> CVE-2011-4130
>> 	ProFTPD uses a response pool after freeing it under
>> 	exceptional conditions, possibly leading to remote code
>> 	execution.  (The version in lenny is not affected by this
>> 	problem.)
>> 
>> For the oldstable distribution (lenny), this problem has been fixed in
>> version 1.3.1-17lenny8.
>> 
>> For the stable distribution (squeeze), this problem has been fixed in
>> version 1.3.3a-6squeeze4.
>> 
>> For the testing distribution (wheezy) and the unstable distribution
>> (sid), this problem has been fixed in version 1.3.4~rc3-2.
>> 
>> We recommend that you upgrade your proftpd-dfsg packages.
>> 
>> Further information about Debian Security Advisories, how to apply
>> these updates to your system and frequently asked questions can be
>> found at: http://www.debian.org/security/
>> 
>> Mailing list: debian-security-announce@lists.debian.org
>> 
>> 
> 
> 
> -- 
> 
> Kai Moritz

