SUSE-SU-2025:1028-1 Security update for proftpd

This update for proftpd fixes the following issues: - CVE-2024-57392: Fixed null pointer dereference vulnerability by sending a maliciously crafted message bsc1238143. - CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 bsc1238141...

[SECURITY] [DLA 4077-1] proftpd-dfsg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4077-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès March 02, 2025 https://wiki.debian.org/LTS -...

MGASA-2025-0015 Updated proftpd packages fix security vulnerability

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from modsql. CVE-2024-48651...

proftpd-1.3.8c-1.1 on GA media (moderate)

proftpd-1.3.8c-1.1 on GA media Announcement ID: openSUSE-SU-2025:14636-1 Rating: moderate Cross-References: CVE-2024-48651 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the proftpd-1.3.8c-1....

[SECURITY] [DSA 5827-1] proftpd-dfsg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5827-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 10, 2024 https://www.debian.org/security/faq -...

[SECURITY] [DLA 3975-1] proftpd-dfsg security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3975-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 29, 2024 https://wiki.debian.org/LTS -...

OPENSUSE-SU-2024:0008-1 Security update for proftpd

This update for proftpd fixes the following issues: proftpd was updated to 1.3.8b - released 19-Dec-2023 - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity boo1218144 - CVE-2023-51713: Fixed Out-of-bounds buffer read when handling FTP commands. boo1218344...

MGASA-2020-0120 Updated proftpd packages fix security vulnerability

Updated proftpd packages fix security vulnerability: Antonio Morales discovered an use-after-free flaw in the memory pool allocator in ProFTPD. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code...

OPENSUSE-SU-2020:0031-1 Security update for proftpd

This update for proftpd fixes the following issues: GeoIP has been discontinued by Maxmind boo1156210 This update removes module build for geoip see https://support.maxmind.com/geolite-legacy-discontinuation-notice/ - CVE-2019-19269: Fixed a NULL pointer dereference may occur when validating the...

OPENSUSE-SU-2019:1870-1 Security update for proftpd

This update for proftpd fixes the following issues: Security issues fixed: - CVE-2019-12815: Fixed arbitrary file copy in modcopy that allowed for remote code execution and information disclosure without authentication bnc1142281. This update was imported from the openSUSE:Leap:15.0:Update update...

MGASA-2015-0485 Updated proftpd packages fix security vulnerabilities

Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The modsftp module currently places no bounds/length...

MGASA-2013-0295 Updated proftpd package fixes security vulnerability

A bug in ProFTPd's modsftp and modsftppam modules can be used to trigger a large heap allocation and exhaust all available system memory of the underlying operating system CVE-2013-4359...

[Backports-security-announce] Security Update for proftpd-dfsg

Francesco Paolo Lovergine uploaded new packages for proftpd-dfsg which fixed the following security problem: CVE-2008-4242, Debian Bug 502674 ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery CSRF...