Debian alert DLA-1974-1 (proftpd-dfsg)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1974-1] proftpd-dfsg security update | |
| Date: | Sun, 27 Oct 2019 19:24:26 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.20.1910271920001.11876@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : proftpd-dfsg Version : 1.3.5e+r1.3.5-2+deb8u4 CVE ID : CVE-2019-18217 An issue has been found in proftp-dfsg, a versatile, virtual-hosting FTP daemon. Due to incorrect handling of overly long commands, a remote unauthenticated user could trigger a denial-of-service by reaching an endless loop. For Debian 8 "Jessie", this problem has been fixed in version 1.3.5e+r1.3.5-2+deb8u4. We recommend that you upgrade your proftpd-dfsg packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl214NpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEc+dA/6AjjiQiO2KbpQzN926eELVrwWkgOEsR4eHwq23ozEccJsgLz8ueYH/Huc Sj2SYBLdGeuCj2mMDfRMXTnfZUK90uTtQiakvlrIBXbym1/ZShhWTz8rwQGMnxZF nEMyg8BsZCCBKJ2unOIfGglJa8J/iVAQllJ+jEoJIhHpXOmfp7ZwJdw+6SYJjMKe Hy+5xQa90mkwLeg7+10kNT3OFLnJJHd44w4eyj2BdzmyXt2zgIVeK4vsySSkIO6Z P/9iL1rjMX6Eld/SDCl3U8iWz7Q8QW69d57O8Li3VkuB2QWnrsS9UWCp1JhFOC/i bR4Rg1qAxWHhIzds0VMhrOngErStqf75SWtSZSvRo4YaSwbxEoe65VxLJk/dl14I cIoTmTmStXumxiiQ0dyqofGyVSqgam9mpRSl68GbQC84JWLubcRVGlxwj1L2LKA7 UuJjP8wspc4EArkTy5NoVwUTGkqxr6PaieFk7m8yCDXpTlM1DDl5lQNp4pr66/8v NZRDRPl9yJcjjxOtrDnYyGE0cYNACS85ab5ZWFGUWhEJ4D5Q9TwrjbUMPOuJeluy JnOjAI7AkzGNvda/wz55dhOmkP1uVFuQaygiASuAp9bJ4z5IwcBk4adA9OIrwLlb a2/WIJ7mKoZZZdH89piMzVlsSMezucyazYu1XN0OEdxoQpMcbmc= =XHOW -----END PGP SIGNATURE-----