stable

proftpd-1.3.5a-5.fc23

FEDORA-2015-7a89e8db70 created by pghmcfc 8 years ago for Fedora 23

Part of the SFTP handshake involves "extensions", which are key/value pairs composed of strings. In SSH, strings are encoded for network transport as a 32-bit length followed by the bytes. The mod_sftp module currently places no bounds or length limits when reading this SFTP extension key/value data from the network. An attacker might attempt to encode large values so that the server allocates more memory than is necessary, causing excessive resource usage or a crash of the FTP daemon.

This update limits the amount of memory allocated to handle these extensions.
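
The kind of check described above, as an added example (not ProFTPD's code and not the actual patch): a reader for SSH strings that rejects an oversized length field before anything is allocated or copied. The names and the two limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed caps for this example; not values taken from the ProFTPD fix. */
#define MAX_EXT_STR_LEN 1024u
#define MAX_EXT_PAIRS   32

struct cursor { const unsigned char *p; size_t left; };  /* unread part of a packet */

/* Read one SSH string (big-endian uint32 length, then that many bytes), no copy.
 * Returns 0 on success, -1 if the data is truncated, -2 if the length is over the cap. */
int read_ssh_string(struct cursor *c, const unsigned char **out, uint32_t *len) {
    if (c->left < 4) return -1;
    uint32_t n = ((uint32_t)c->p[0] << 24) | ((uint32_t)c->p[1] << 16) |
                 ((uint32_t)c->p[2] << 8)  |  (uint32_t)c->p[3];
    if (n > MAX_EXT_STR_LEN) return -2;   /* attacker-chosen length: check the cap first */
    if (n > c->left - 4) return -1;       /* length must fit the bytes actually received */
    *out = c->p + 4;
    *len = n;
    c->p += 4 + (size_t)n;
    c->left -= 4 + (size_t)n;
    return 0;
}

/* Validate a run of extension name/value pairs filling the whole buffer.
 * Returns the number of pairs, or -1/-2 as above, or -3 for too many pairs. */
int parse_extensions(const unsigned char *buf, size_t buflen) {
    struct cursor c = { buf, buflen };
    int pairs = 0;
    while (c.left > 0) {
        const unsigned char *name, *value;
        uint32_t nlen, vlen; int rc;
        if (pairs >= MAX_EXT_PAIRS) return -3;
        if ((rc = read_ssh_string(&c, &name, &nlen)) != 0) return rc;
        if ((rc = read_ssh_string(&c, &value, &vlen)) != 0) return rc;
        (void)name; (void)value; (void)nlen; (void)vlen;  /* a server would store them here */
        pairs++;
    }
    return pairs;
}

int main(void) {
    /* Constructed sample: one pair, name "foo", value "1". */
    const unsigned char pkt[] = {0,0,0,3,'f','o','o', 0,0,0,1,'1'};
    printf("pairs=%d\n", parse_extensions(pkt, sizeof pkt));
    return 0;
}
```
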

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2015-7a89e8db70

This update has been submitted for testing by pghmcfc.

8 years ago

This update has been pushed to testing.

8 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes.

8 years ago

This update has been submitted for stable by pghmcfc.

8 years ago

This update has been pushed to stable.

8 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 8 years ago
in testing: 8 years ago
in stable: 8 years ago
BZ#1286977 proftpd: unbounded SFTP extended attribute key/values
BZ#1286978 proftpd: unbounded SFTP extended attribute key/values [fedora-all]
