
Red Hat alert RHSA-2005:410-01 (gFTP)

From:  bugzilla@redhat.com
To:  enterprise-watch-list@redhat.com
Subject:  [RHSA-2005:410-01] Moderate: gftp security update
Date:  Mon, 13 Jun 2005 08:37 -0400

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: gftp security update
Advisory ID:       RHSA-2005:410-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-410.html
Issue date:        2005-06-13
Updated on:        2005-06-13
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0372
---------------------------------------------------------------------

1. Summary:

An updated gFTP package that fixes a directory traversal issue is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gFTP is a multi-threaded FTP client for the X Window System.

A directory traversal bug was found in gFTP. If a user can be tricked into
downloading a file from a malicious ftp server, it is possible to overwrite
arbitrary files owned by the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0372 to
this issue.

Users of gftp should upgrade to this updated package, which contains a
backported fix for this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

149109 - CAN-2005-0372 directory traversal issue in gftp

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:  ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gft...
        gftp-2.0.8-5.src.rpm
i386:   gftp-2.0.8-5.i386.rpm
ia64:   gftp-2.0.8-5.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:  ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gft...
        gftp-2.0.8-5.src.rpm
ia64:   gftp-2.0.8-5.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:  ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gft...
        gftp-2.0.8-5.src.rpm
i386:   gftp-2.0.8-5.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:  ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gft...
        gftp-2.0.8-5.src.rpm
i386:   gftp-2.0.8-5.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:  ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gftp-...
        gftp-2.0.14-4.src.rpm
i386:   gftp-2.0.14-4.i386.rpm
ia64:   gftp-2.0.14-4.ia64.rpm
ppc:    gftp-2.0.14-4.ppc.rpm
s390:   gftp-2.0.14-4.s390.rpm
s390x:  gftp-2.0.14-4.s390x.rpm
x86_64: gftp-2.0.14-4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:  ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...
        gftp-2.0.14-4.src.rpm
i386:   gftp-2.0.14-4.i386.rpm
x86_64: gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:  ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gftp-...
        gftp-2.0.14-4.src.rpm
i386:   gftp-2.0.14-4.i386.rpm
ia64:   gftp-2.0.14-4.ia64.rpm
x86_64: gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:  ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gftp-...
        gftp-2.0.14-4.src.rpm
i386:   gftp-2.0.14-4.i386.rpm
ia64:   gftp-2.0.14-4.ia64.rpm
x86_64: gftp-2.0.14-4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:  ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gftp-...
        gftp-2.0.17-5.src.rpm
i386:   gftp-2.0.17-5.i386.rpm
ia64:   gftp-2.0.17-5.ia64.rpm
ppc:    gftp-2.0.17-5.ppc.rpm
s390:   gftp-2.0.17-5.s390.rpm
s390x:  gftp-2.0.17-5.s390x.rpm
x86_64: gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:  ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
        gftp-2.0.17-5.src.rpm
i386:   gftp-2.0.17-5.i386.rpm
x86_64: gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:  ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gftp-...
        gftp-2.0.17-5.src.rpm
i386:   gftp-2.0.17-5.i386.rpm
ia64:   gftp-2.0.17-5.ia64.rpm
x86_64: gftp-2.0.17-5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:  ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gftp-...
        gftp-2.0.17-5.src.rpm
i386:   gftp-2.0.17-5.i386.rpm
ia64:   gftp-2.0.17-5.ia64.rpm
x86_64: gftp-2.0.17-5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
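The bug class described in section 3 comes from a client using a server-supplied file name as a local path. The following is an added example, not part of the advisory and not the gFTP patch: a component-by-component check a download client can apply before creating a local file. The function names, the download directory and the sample names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if every '/'-separated component of a server-supplied relative
 * path is an ordinary name; 0 for absolute paths, empty components,
 * "." or "..", and backslashes. (Hypothetical helper.) */
int remote_path_is_safe(const char *p)
{
    if (p == NULL || *p == '\0' || *p == '/' || strchr(p, '\\') != NULL)
        return 0;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 0)                       /* "a//b": empty component */
            return 0;
        if ((len == 1 && p[0] == '.') ||
            (len == 2 && p[0] == '.' && p[1] == '.'))
            return 0;                       /* "." or ".." component */
        p += len;
        if (*p == '/' && *++p == '\0')      /* trailing '/' */
            return 0;
    }
    return 1;
}

/* Build "<download_dir>/<name>" into out. Returns 0 on success, -1 if the
 * name is rejected or the result would be truncated. */
int build_local_path(const char *download_dir, const char *name,
                     char *out, size_t outlen)
{
    int n;
    if (!remote_path_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", download_dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed names, as an untrusted server's listing might return them. */
    const char *samples[] = { "report.txt", "..hidden", "pub/docs/readme",
                              "../.bashrc", "a/../../b", "/etc/passwd" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_local_path("/home/user/downloads", samples[i],
                             path, sizeof path) == 0)
            printf("accept %-16s -> %s\n", samples[i], path);
        else
            printf("reject %s\n", samples[i]);
    }
    return 0;
}
```

Checking whole components rather than searching for the substring ".." keeps legitimate names such as "..hidden" while still rejecting "a/../../b". The check does not cover symbolic links already present under the download directory; opening the file with O_NOFOLLOW and O_EXCL addresses that separately.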



