Fedora Test Update Notification: wu-ftpd

Jesse Keating jkeating at j2solutions.net
Fri Jun 11 02:20:45 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1376
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1376
2004-06-10
- ---------------------------------------------------------------------
 
Name        : wu-ftpd
Version 7.3 : 2.6.2-15.7x.legacy
Summary     : An FTP daemon provided by Washington University.
Description :
The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol)
server daemon. The FTP protocol is a method of transferring files
between machines on a network and/or over the Internet. Wu-ftpd's
features include logging of transfers, logging of commands, on the fly
compression and archiving, classification of users' type and location,
per class limits, per directory upload permissions, restricted guest
accounts, system wide and per directory messages, directory alias,
cdpath, filename filter, and virtual host support.
 
- ---------------------------------------------------------------------
Update Information:
 
CAN-1999-0997:
wu-ftp with FTP conversion enabled allows an attacker to execute commands
via a malformed file name that is interpreted as an argument to the
program that does the conversion, e.g. tar or uncompress.
 
CAN-2004-0148:
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows
local users to bypass access restrictions by changing the permissions to
prevent access to their home directory, which causes wu-ftpd to use the
root directory instead.
 
CAN-2004-0185:
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon
(wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a s/key (SKEY) request with a long
name.
 
This build fixes a missing build requirement.
- ---------------------------------------------------------------------
Changelog:
 
7.3:
 
* Fri Jun 04 2004 John Dalbec <jpdalbec at ysu.edu> 2.6.2-15.7x.legacy
 
- - Added pam-devel to buildreqs
- - Added bugfix patch to reopen syslog after calling PAM
- - Added bugfix patch to fix active-mode SSL data connections
 
* Mon May 31 2004 Jesse Keating <jkeating at j2solutions.net> 2.6.2-14.legacy.7x
 
- - Added byacc to buildreqs
 
* Sat May 22 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.6.2-13.legacy.7x
 
- - bugfix release CAN-1999-0997 ftp conversions
- - CAN-2004-0148 escape from home
- - CAN-2004-0185 skeychallenge
 
- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
5b50aa3a91d8bb30aa860ac05ca7b2ea60f91c05  7.3/updates-testing/SRPMS/wu-ftpd-2.6.2-15.7x.legacy.src.rpm
6215a42cadf71683e87a4b7ffa54fd7b37d106a9  7.3/updates-testing/i386/wu-ftpd-2.6.2-15.7x.legacy.i386.rpm
 
Please note that this update is also available via yum and apt through
the updates-testing channel.  Many people find this an easier
way to apply updates.
- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyRb94v2HLvE71NURAlGCAJ0R32vZVeIC0dbLvksP9VkL2RttYgCgidlw
ge3hz5viWLaAXYCWrLJHYZg=
=82lO
-----END PGP SIGNATURE-----
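
The class of bug described under CAN-1999-0997 above (a file name read as an argument by the conversion program), shown from the hardening side. This is an added example, not part of the original notification and not the wu-ftpd patch; `safe_operand`, `build_tar_argv` and the `tar -c -f -` command line are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: return a heap copy of a client-supplied file name
 * that an option parser cannot read as a switch, or NULL if unusable.
 * The caller frees the result. */
char *safe_operand(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return NULL;
    /* A leading '-' is what lets a file name pose as an option;
     * "./-x" names the same file but is never parsed as one. */
    size_t skip = (name[0] == '-') ? 2 : 0;
    size_t len = strlen(name);
    char *out = malloc(skip + len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, "./", skip);
    memcpy(out + skip, name, len + 1);
    return out;
}

/* Hypothetical helper: fill argv for an assumed conversion command,
 * "tar -c -f - -- <operand>". Returns argc, or -1 on error. The vector is
 * meant for execv(), so no shell ever re-parses the file name. */
int build_tar_argv(const char *name, char *argv[], size_t cap)
{
    static char a0[] = "tar", a1[] = "-c", a2[] = "-f", a3[] = "-";
    static char end_of_opts[] = "--"; /* second layer: stop option parsing */
    if (cap < 7)
        return -1;
    char *operand = safe_operand(name);
    if (operand == NULL)
        return -1;
    argv[0] = a0; argv[1] = a1; argv[2] = a2; argv[3] = a3;
    argv[4] = end_of_opts; argv[5] = operand; argv[6] = NULL;
    return 6;
}

int main(void)
{
    /* Constructed sample names, not taken from any real request. */
    const char *samples[] = { "notes.txt", "--constructed-option=value" };
    for (size_t i = 0; i < 2; i++) {
        char *argv[7];
        if (build_tar_argv(samples[i], argv, 7) == 6) {
            printf("%-28s -> operand %s\n", samples[i], argv[5]);
            free(argv[5]);
        }
    }
    return 0;
}
```

The `./` prefix still protects conversion programs that do not honour `--`, which is why both layers are applied.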




