Updated proftpd packages fix security vulnerabilities
Publication date: 07 Nov 2019Modification date: 07 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12815 , CVE-2019-12817
Description
Updated proftpd package fixes security vulnerabilities: It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands (CVE-2019-12815). It was discovered that due to incorrect handling of overly long commands, a remote unauthenticated user could trigger a denial-of-service by reaching an endless loop (CVE-2019-18217).
References
SRPMS
7/core
- proftpd-1.3.5e-4.1.mga7