Updated proftpd packages fix security vulnerability
Publication date: 13 Dec 2019Modification date: 13 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19269
Description
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup (CVE-2019-19269).
References
SRPMS
7/core
- proftpd-1.3.5e-4.2.mga7