stable

proftpd-1.3.3g-1.el5

FEDORA-EPEL-2011-4943 created by pghmcfc 13 years ago for Fedora EPEL 5

This update, to the current (and final) release for the 1.3.3 maintenance branch, includes a pair of security fixes:

  • Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks (upstream bug 3704); to disable this countermeasure, which may cause interoperability issues with some clients, use the NoEmptyFragments TLSOption
  • Response pool use-after-free memory corruption error (upstream bug 3711, #752812, ZDI-CAN-1420), in which a remote attacker could provide a specially-crafted request (resulting in a need for the server to handle an exceptional condition), leading to memory corruption and potentially arbitrary code execution, with the privileges of the user running the proftpd server

This update has been submitted for testing by pghmcfc.

13 years ago

This update is currently being pushed to the Fedora EPEL 5 testing updates repository.

13 years ago

This update has been pushed to testing

13 years ago

This update has been submitted for stable by pghmcfc.

13 years ago

This update is currently being pushed to the Fedora EPEL 5 stable updates repository.

13 years ago

This update has been pushed to stable

13 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating

Autopush Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled

Dates
submitted: 13 years ago
in testing: 13 years ago
in stable: 13 years ago
modified: 13 years ago

BZ#752812 CVE-2011-4130 proftpd: Response pool use-after-free flaw (ZDI-CAN-1420)
BZ#752817 proftpd: Response pool use-after-free flaw [epel-all]
