[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2011:046 ] pure-ftpd
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2011:046 ] pure-ftpd
- From: security@xxxxxxxxxxxx
- Date: Thu, 17 Mar 2011 18:49:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:046
http://www.mandriva.com/security/
_______________________________________________________________________
Package : pure-ftpd
Date : March 17, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A security flaw was discovered in pure-ftpd which allows plaintext
command injection over TLS (similar to CVE-2011-0411).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://www.postfix.org/CVE-2011-0411.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
ed4ae86475a00faaadbda5683ee496f5
2009.0/i586/pure-ftpd-1.0.21-8.1mdv2009.0.i586.rpm
0dea42dbd5958a0a4a4e8a47d020062a
2009.0/i586/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.i586.rpm
3f3c60fbe60ffa16a542ae78868042c1
2009.0/i586/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.i586.rpm
32f302505171f7d7801acec8e0aac0ab
2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
9fbbd20ce659012dcef2ea534b3e065c
2009.0/x86_64/pure-ftpd-1.0.21-8.1mdv2009.0.x86_64.rpm
d953ece1911ad4f744b5fe5f704c2e9e
2009.0/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.x86_64.rpm
fd131923aa12607939a33ab0d5a47690
2009.0/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.x86_64.rpm
32f302505171f7d7801acec8e0aac0ab
2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm
Mandriva Linux 2010.0:
580032400f3f536b90509404bfa5ff50
2010.0/i586/pure-ftpd-1.0.22-1.1mdv2010.0.i586.rpm
05fe3428a8378f9c7e8282d9e62c9fdf
2010.0/i586/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.i586.rpm
8e63f703e071bf7f819b98cb96eeab1d
2010.0/i586/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.i586.rpm
5370b6f3148695cae7d37dd7a79c4158
2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
897957ada6eadf9e87bae3e26ff442fe
2010.0/x86_64/pure-ftpd-1.0.22-1.1mdv2010.0.x86_64.rpm
add9ece828990b566192691992e43cc6
2010.0/x86_64/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.x86_64.rpm
6c82671449daf5c7b9d6e40c4c33939b
2010.0/x86_64/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.x86_64.rpm
5370b6f3148695cae7d37dd7a79c4158
2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
441c80d9c965274c99d34fce9a4bb6ca
2010.1/i586/pure-ftpd-1.0.29-2.1mdv2010.2.i586.rpm
f73c5b101a3100fa5ccf7be95cb820c1
2010.1/i586/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.i586.rpm
1bf7c0076615559f213f9e90aabe1ee3
2010.1/i586/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.i586.rpm
77f0d44baa44e8abc0a5393154d1e347
2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
7f83617195a06fe87d4fe91f78256ea8
2010.1/x86_64/pure-ftpd-1.0.29-2.1mdv2010.2.x86_64.rpm
d0428e106e4c4233a266b62b1208f63e
2010.1/x86_64/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.x86_64.rpm
04a2e708f8334b33fda7975f72c9afd0
2010.1/x86_64/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.x86_64.rpm
77f0d44baa44e8abc0a5393154d1e347
2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm
Corporate 4.0:
2054ec719cbd8c9be8ad7e9bc654f79e
corporate/4.0/i586/pure-ftpd-1.0.20-7.1.20060mlcs4.i586.rpm
2614d3560204ffb498f6c49453442d05
corporate/4.0/i586/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.i586.rpm
1fb356298d6a5c4b50b6822e8dde3e0b
corporate/4.0/i586/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.i586.rpm
63859bd845934e2d382fd2406a1fd9f7
corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b4d4edc6889d96135330b98057bf5396
corporate/4.0/x86_64/pure-ftpd-1.0.20-7.1.20060mlcs4.x86_64.rpm
99ffba7cc4e729a617ca45a10baa9125
corporate/4.0/x86_64/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.x86_64.rpm
b84684dfd4166dcf6def917014355b76
corporate/4.0/x86_64/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.x86_64.rpm
63859bd845934e2d382fd2406a1fd9f7
corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
3e3694e0220ab4cfc55b3d0614443d5d
mes5/i586/pure-ftpd-1.0.21-8.1mdvmes5.2.i586.rpm
c281cdd9b6ab44f956802cbd9d327e36
mes5/i586/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.i586.rpm
ab25c5522a053fddf570a7af29f79db7
mes5/i586/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.i586.rpm
71436d40f9fe4780edc71f326a71324c
mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
dd4fbf6ccb18a342b91b2bdc07048fd9
mes5/x86_64/pure-ftpd-1.0.21-8.1mdvmes5.2.x86_64.rpm
70a0f49eaca5fd8f7a80967810fbfb7d
mes5/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.x86_64.rpm
7e6c3b99218158806d3c747f781a449b
mes5/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.x86_64.rpm
71436d40f9fe4780edc71f326a71324c
mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNghiJmqjQ0CJFipgRAmfEAJ4h4GUCYRRxPThbwS8OU/Nidb5IIwCgzjQL
Rdh2CJ9ld+U6AJmffwFyQO4=
=tWH8
-----END PGP SIGNATURE-----