UbuntuUpdates.org

Package "proftpd-dfsg"

Name: proftpd-dfsg

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Versatile, virtual-hosting FTP daemon - binaries
  • Versatile, virtual-hosting FTP daemon - development files
  • Versatile, virtual-hosting FTP daemon - documentation
  • Versatile, virtual-hosting FTP daemon - GeoIP module
Latest version: 1.3.6c-2ubuntu0.1
Release: focal (20.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "proftpd-dfsg" in Focal

Repository Area Version
base universe 1.3.6c-2
updates universe 1.3.6c-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.3.6c-2ubuntu0.1 2025-02-25 17:06:57 UTC

  proftpd-dfsg (1.3.6c-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: terrapin attack
    - d/p/CVE-2023-48795/only-send-an-SSH-EXT_INFO-message-if-supported.patch:
      only send an SSH-EXT_INFO message if supported
    - d/p/CVE-2023-48795/implement-the-strict-KEX-mitigation.patch:
      implement the strict KEX mitigation
    - CVE-2023-48795
  * SECURITY UPDATE: out of bound read causes daemon crash
    - d/p/CVE-2023-51713.patch: skip parsing quote backslash sequence
    - CVE-2023-51713
  * ignore-supplemental-groups-when-run-as-nonroot.patch: fix dropping privs
    when running as non-root
  * SECURITY UPDATE: privilege escalation due to missing group checks
    - d/p/CVE-2024-48651.patch: only set group for daemon to primary gid
    - CVE-2024-48651
  * fix-radius-signature-for-RFC-2869.patch: fix the computation of the RADIUS
    Message-Authenticator signature to conform more properly to RFC 2869

 -- Sudhakar Verma <email address hidden> Wed, 05 Feb 2025 16:13:43 +0530
CVE-2023-48795 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri
CVE-2023-51713 make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semant
CVE-2024-48651 In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups


About   -   Send Feedback to @ubuntu_updates