Advisories ยป MGASA-2016-0128

Updated proftpd packages fix security vulnerability

Publication date: 31 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-3125

Description

A bug with security implications was found in the mod_tls module in
ProFTPD before 1.3.5b. This module has a configuration option
TLSDHParamFile to specify user-defined Diffie Hellman parameters. The
software would ignore the user-defined parameters and use Diffie Hellman
key exchanges with 1024 bits (CVE-2016-3125).

The proftpd package has been updated to version 1.3.5b, which fixes this
issue and other bugs, including:
- SSH RSA hostkeys smaller than 2048 bits now work properly.
- MLSD response lines are now properly CRLF terminated.
                

References

SRPMS

5/core