Package "proftpd-doc"
| Name: |
proftpd-doc
|
Description: |
Versatile, virtual-hosting FTP daemon - documentation
|
| Latest version: |
1.3.6c-2ubuntu0.1 |
| Release: |
focal (20.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
proftpd-dfsg |
| Homepage: |
http://www.proftpd.org/docs |
Links
Download "proftpd-doc"
Other versions of "proftpd-doc" in Focal
Changelog
|
proftpd-dfsg (1.3.6c-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: terrapin attack
- d/p/CVE-2023-48795/only-send-an-SSH-EXT_INFO-message-if-supported.patch:
only send an SSH-EXT_INFO message if supported
- d/p/CVE-2023-48795/implement-the-strict-KEX-mitigation.patch:
implement the strict KEX mitigation
- CVE-2023-48795
* SECURITY UPDATE: out of bound read causes daemon crash
- d/p/CVE-2023-51713.patch: skip parsing quote backslash sequence
- CVE-2023-51713
* ignore-supplemental-groups-when-run-as-nonroot.patch: fix dropping privs
when running as non-root
* SECURITY UPDATE: privilege escalation due to missing group checks
- d/p/CVE-2024-48651.patch: only set group for daemon to primary gid
- CVE-2024-48651
* fix-radius-signature-for-RFC-2869.patch: fix the computation of the RADIUS
Message-Authenticator signature to conform more properly to RFC 2869
-- Sudhakar Verma <email address hidden> Wed, 05 Feb 2025 16:13:43 +0530
|
| CVE-2023-48795 |
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integri |
| CVE-2023-51713 |
make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semant |
| CVE-2024-48651 |
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups |
|
About
-
Send Feedback to @ubuntu_updates
