|
|
Subscribe / Log in / New account

Mageia alert MGASA-2019-0385 (proftpd)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2019-0385: Updated proftpd packages fix security vulnerability 


Date:
              Fri, 13 Dec 2019 19:26:37 +0100


Message-ID:
              <20191213182637.D5C719F736@duvel.mageia.org>


MGASA-2019-0385 - Updated proftpd packages fix security vulnerability

Publication date: 13 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0385.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-19269

Description:
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b.
A dereference of a NULL pointer may occur. This pointer is returned
by the OpenSSL sk_X509_REVOKED_value() function when encountering an
empty CRL installed by a system administrator. The dereference occurs
when validating the certificate of a client connecting to the server
in a TLS client/server mutual-authentication setup (CVE-2019-19269).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25844
- https://www.debian.org/lts/security/2019/dla-2018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/proftpd-1.3.5e-4.2.mga7
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds