lftp security update

2003-12-12T12:39:56
ID SSA-2003-346-01
Type slackware
Reporter Slackware Linux Project
Modified 2003-12-12T12:39:56

Description

lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols.

A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new packages.

Here are the details from the Slackware 9.1 ChangeLog:

Fri Dec 12 11:12:05 PST 2003 patches/packages/lftp-2.6.10-i486-1.tgz: Upgraded to lftp-2.6.10. According to the NEWS file, this includes "security fixes in html parsing code" which could cause a compromise when using lftp to access an untrusted site. ( Security fix )

WHERE TO FIND THE NEW PACKAGE:

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/lftp-2.6.10-i386-1.tgz

Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/lftp-2.6.10-i386-1.tgz

Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/lftp-2.6.10-i486-1.tgz

Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/lftp-2.6.10-i486-1.tgz

MD5 SIGNATURES:

Slackware 8.1 package: 1e7eae2a8279491d439f4494c8733aa2 lftp-2.6.10-i386-1.tgz

Slackware 9.0 package: af80878951917a6683bc3076947f2632 lftp-2.6.10-i386-1.tgz

Slackware 9.1 package: e053a1641f1f16de8d2659e70ca81c04 lftp-2.6.10-i486-1.tgz

Slackware -current package: 07e76203820f54983cbc4591cc830b97 lftp-2.6.10-i486-1.tgz

INSTALLATION INSTRUCTIONS:

Upgrade the package as root: > upgradepkg lftp-2.6.10-i486-1.tgz