[SECURITY] [DSA 4559-1] proftpd-dfsg security update

2019-11-0522:53:55

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.946 High

EPSS

Percentile

99.2%

JSON

Debian Security Advisory DSA-4559-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
November 05, 2019 https://www.debian.org/security/faq

Package : proftpd-dfsg
CVE ID : CVE-2019-18217
Debian Bug : 942831

Stephan Zeisberg discovered that missing input validation in ProFTPD, a
FTP/SFTP/FTPS server, could result in denial of service via an infinite
loop.

For the oldstable distribution (stretch), this problem has been fixed
in version 1.3.5b-4+deb9u2.

For the stable distribution (buster), this problem has been fixed in
version 1.3.6-4+deb10u2.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10armhfproftpd-basic-dbgsym< 1.3.6-4+deb10u2proftpd-basic-dbgsym_1.3.6-4+deb10u2_armhf.deb
Debian10mipselproftpd-mod-snmp< 1.3.6-4+deb10u2proftpd-mod-snmp_1.3.6-4+deb10u2_mipsel.deb
Debian9mipselproftpd-mod-odbc< 1.3.5b-4+deb9u2proftpd-mod-odbc_1.3.5b-4+deb9u2_mipsel.deb
Debian9arm64proftpd-basic< 1.3.5b-4+deb9u2proftpd-basic_1.3.5b-4+deb9u2_arm64.deb
Debian10armelproftpd-mod-odbc-dbgsym< 1.3.6-4+deb10u2proftpd-mod-odbc-dbgsym_1.3.6-4+deb10u2_armel.deb
Debian9amd64proftpd-basic< 1.3.5b-4+deb9u2proftpd-basic_1.3.5b-4+deb9u2_amd64.deb
Debian9i386proftpd-mod-geoip< 1.3.5b-4+deb9u2proftpd-mod-geoip_1.3.5b-4+deb9u2_i386.deb
Debian10i386proftpd-mod-sqlite-dbgsym< 1.3.6-4+deb10u2proftpd-mod-sqlite-dbgsym_1.3.6-4+deb10u2_i386.deb
Debian9armelproftpd-basic< 1.3.5b-4+deb9u2proftpd-basic_1.3.5b-4+deb9u2_armel.deb
Debian10s390xproftpd-mod-odbc-dbgsym< 1.3.6-4+deb10u2proftpd-mod-odbc-dbgsym_1.3.6-4+deb10u2_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	armhf	proftpd-basic-dbgsym	< 1.3.6-4+deb10u2	proftpd-basic-dbgsym_1.3.6-4+deb10u2_armhf.deb
Debian	10	mipsel	proftpd-mod-snmp	< 1.3.6-4+deb10u2	proftpd-mod-snmp_1.3.6-4+deb10u2_mipsel.deb
Debian	9	mipsel	proftpd-mod-odbc	< 1.3.5b-4+deb9u2	proftpd-mod-odbc_1.3.5b-4+deb9u2_mipsel.deb
Debian	9	arm64	proftpd-basic	< 1.3.5b-4+deb9u2	proftpd-basic_1.3.5b-4+deb9u2_arm64.deb
Debian	10	armel	proftpd-mod-odbc-dbgsym	< 1.3.6-4+deb10u2	proftpd-mod-odbc-dbgsym_1.3.6-4+deb10u2_armel.deb
Debian	9	amd64	proftpd-basic	< 1.3.5b-4+deb9u2	proftpd-basic_1.3.5b-4+deb9u2_amd64.deb
Debian	9	i386	proftpd-mod-geoip	< 1.3.5b-4+deb9u2	proftpd-mod-geoip_1.3.5b-4+deb9u2_i386.deb
Debian	10	i386	proftpd-mod-sqlite-dbgsym	< 1.3.6-4+deb10u2	proftpd-mod-sqlite-dbgsym_1.3.6-4+deb10u2_i386.deb
Debian	9	armel	proftpd-basic	< 1.3.5b-4+deb9u2	proftpd-basic_1.3.5b-4+deb9u2_armel.deb
Debian	10	s390x	proftpd-mod-odbc-dbgsym	< 1.3.6-4+deb10u2	proftpd-mod-odbc-dbgsym_1.3.6-4+deb10u2_s390x.deb