Advisories ยป MGASA-2019-0314

Updated proftpd packages fix security vulnerabilities

Publication date: 07 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12815 , CVE-2019-12817

Description

Updated proftpd package fixes security vulnerabilities:

It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS
server, performed incomplete permission validation for the CPFR/CPTO
commands (CVE-2019-12815).

It was discovered that due to incorrect handling of overly long commands,
a remote unauthenticated user could trigger a denial-of-service by
reaching an endless loop (CVE-2019-18217).
                

References

SRPMS

7/core