Ubuntu alert USN-7297-1 (ProFTPD)
| From: | Sudhakar Verma <sudhakar.verma@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7297-1] ProFTPD vulnerabilities | |
| Date: | Tue, 25 Feb 2025 22:35:13 +0530 | |
| Message-ID: | <78963585-1edf-4471-ad98-37adbce3fef7@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7297-1 February 25, 2025 ProFTPD vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in proftpd-dfsg. Software Description: - proftpd-dfsg: Versatile, virtual-hosting FTP daemon Details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the transport protocol implementation in ProFTPD had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795) Martin Mirchev discovered that ProFTPD did not properly validate user input over the network. An attacker could use this vulnerability to crash ProFTPD or execute arbitrary code. (CVE-2023-51713) Brian Ristuccia discovered that ProFTPD incorrectly inherited groups from the parent process. An attacker could use this vulnerability to elevate privileges. (CVE-2024-48651) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 proftpd-core 1.3.8.b+dfsg-2ubuntu1.24.10.1 Ubuntu 24.04 LTS proftpd-core 1.3.8.b+dfsg-1ubuntu0.1 Ubuntu 22.04 LTS proftpd-basic 1.3.7c+dfsg-1ubuntu0.1 proftpd-core 1.3.7c+dfsg-1ubuntu0.1 Ubuntu 20.04 LTS proftpd-basic 1.3.6c-2ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7297-1 CVE-2023-48795, CVE-2023-51713, CVE-2024-48651 Package Information: https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.8.b... https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.8.b... https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.7c+... https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.6c-...
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEcfvxe+flLQwqLJFE8LYUYLBMS1YFAme9+EkFAwAAAAAACgkQ8LYUYLBMS1YG OBAAowKO5p75jsGfrHw1kroQQ/uitVSPf4FxWUWy+N/HXL+l0sZu7PMYSKVZf+7UASpFhRYYTiDg 9/f8wcNtFFaePlELlgtKujeozLlTPaG83PcETQe0lzyPVhIUNUqb62Y5/k1rShVQIj+gvVkkBYqZ vGhJRhVQI5CWK2nWczTe/5us85D70Sei05yp0vRB2r9m6RzsJ4iidZouGH01YwEoLbLSmGRt0KMm RZnwbvMi/Eb4Quw0ljwMmYh9aQA3Yvcuac9QkI+wTf71T3BsPX1rM64AqN+4424uCohBrAcQpL5q wfBb98NAt1LmSAAdN6aKphBqGr8GPLTFnUd9xhqxg+Aul1At6S0ad1LKTnkySQjQrCAG56VBn/pb sedpKsiaZhZ0HHO7H9tRZW0/9XG3E49J9C1a7FAh4shXuIcfTe4NkcEBy+J9lqNX7UxPKD07oykA dt2FSQRP8mGvqQE2T0F/ydojcNuPFKBkE1YkCAzxkJ9jhKJnz+WrTNlD+568BKM3BpdsFcouIkMO uSgwdJUQHG9hklA+z5lNMvx+tSUHCzg4aUGY76ASt/+BXF5lSMWMShHA+sICTbQOSr8XT32Rs//V dcuh8GJaToBPpjT1GQaW7+RchWGzXTanOtnly1Qz9A37oKn4GaaSvH02n9kuVcnsogRz+W65u+BT GlY= =725D -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)