Mageia Advisory: MGASA-2019-0314 - Updated proftpd packages fix security vulnerabilities

Updated proftpd packages fix security vulnerabilities

Publication date: 07 Nov 2019
Modification date: 07 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-12815 , CVE-2019-12817

Description

Updated proftpd package fixes security vulnerabilities:

It was discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS
server, performed incomplete permission validation for the CPFR/CPTO
commands (CVE-2019-12815).

It was discovered that due to incorrect handling of overly long commands,
a remote unauthenticated user could trigger a denial-of-service by
reaching an endless loop (CVE-2019-18217).

References

https://bugs.mageia.org/show_bug.cgi?id=25287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12817

SRPMS

7/core

proftpd-1.3.5e-4.1.mga7

Advisories » MGASA-2019-0314

Updated proftpd packages fix security vulnerabilities

Description

References

SRPMS

7/core