Advisories » MGASA-2020-0120

Updated proftpd packages fix security vulnerability

Publication date: 06 Mar 2020
Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-9273

Description

Updated proftpd packages fix security vulnerability:

Antonio Morales discovered an use-after-free flaw in the memory pool
allocator in ProFTPD. Interrupting current data transfers can corrupt
the ProFTPD memory pool, leading to denial of service, or potentially
the execution of arbitrary code (CVE-2020-9273).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26251
• https://www.debian.org/security/2020/dsa-4635
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9273

SRPMS

7/core

• proftpd-1.3.5e-4.3.mga7