
Debian alert DLA-4077-1 (proftpd-dfsg)

From:  rouca@debian.org
To:  <debian-lts-announce@lists.debian.org>
Subject:  [SECURITY] [DLA 4077-1] proftpd-dfsg security update
Date:  Sun, 02 Mar 2025 19:47:05 +0000
Message-ID:  <3c9c961b74d5c964b41422423be05c26@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4077-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
March 02, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : proftpd-dfsg
Version        : 1.3.7a+dfsg-12+deb11u5
CVE ID         : CVE-2024-57392
Debian Bug     : 1090813

proftpd, a popular FTP server, was affected by a vulnerability.

CVE-2024-57392:

Buffer overflow vulnerability in ProFTPD allowed a remote attacker to execute arbitrary code and cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.

Moreover, this release includes some bug fixes:

- upstream issue #1171 "Downloading a file contains the contents of another file."
- Fix the computation of the RADIUS Message-Authenticator signature to conform more properly to RFC 2869. Fix Blastradius breakage.

For Debian 11 bullseye, this problem has been fixed in version 1.3.7a+dfsg-12+deb11u5.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS




Copyright © 2025, Eklektix, Inc.