stable

proftpd-1.3.5e-1.fc24

FEDORA-2017-e15e37b689 created by pghmcfc 7 years ago for Fedora 24

Current upstream maintenance release for the 1.3.5 series.

Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2017-e15e37b689

This update has been submitted for testing by pghmcfc.

7 years ago

This update has been pushed to testing.

7 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

7 years ago

This update has been submitted for stable by pghmcfc.

7 years ago

This update has been pushed to stable.

7 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
BZ#1439693 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass
0
0
BZ#1439695 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass [fedora-all]
0
0

Automated Test Results