Koozali.org: home of the SME Server

Security update for SME Server 7

wellsi
« on: November 13, 2010, 07:56:52 PM »
--------------------------------------------------------------------------------
SME Server Update Notification
2010-11-13
--------------------------------------------------------------------------------

Name        : proftpd
Product     : SME 7
Version     : 1.3.3c
Release     : 1.el4
URL         : http://www.proftpd.org/
Summary     : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:

The ProFTPD Project team has released 1.3.3c to the community. This is an
important security release, containing fixes for a Telnet IAC handling
vulnerability and a directory traversal vulnerability in the mod_site_misc
module. References [1] & [2] below contain the full details.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 01 2010 Paul Howarth <paul@city-fan.org> 1.3.3c-1

- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip

--------------------------------------------------------------------------------
References:

  [ 1 ] Release Notes from ProFTPD
        http://proftpd.org/docs/RELEASE_NOTES-1.3.3c

  [ 2 ] News from ProFTPD
        http://proftpd.org/docs/NEWS-1.3.3c

  [ 3 ] Telnet IAC processing stack overflow
        http://bugs.proftpd.org/show_bug.cgi?id=3521

  [ 4 ] Bug 6346 - ProFTPd remote root exploit
        http://bugs.contribs.org/show_bug.cgi?id=6346
--------------------------------------------------------------------------------
Updated packages:

proftpd-1.3.3c-1.el4.i386.rpm
proftpd-1.3.3c-1.el4.src.rpm

This update can be installed with the Software Installer from the Server Manager.
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Software_Installer_Panel
--------------------------------------------------------------------------------