Koozali.org: home of the SME Server
Obsolete Releases => SME Server 8.x => Topic started by: wellsi on November 13, 2010, 07:55:39 PM
-
--------------------------------------------------------------------------------
SME Server Update Notification
2010-11-13
--------------------------------------------------------------------------------
Name : proftpd
Product : SME 8
Version : 1.3.3c
Release : 1.el5
URL : [http://www.proftpd.org/]
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
The ProFTPD Project team has released 1.3.3c to the community. This is an
important security release, containing fixes for a Telnet IAC handling
vulnerability and a directory traversal vulnerability in the mod_site_misc
module. References [1] & [2] below contain the full details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 01 2010 Paul Howarth <paul@city-fan.org> 1.3.3c-1
- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
--------------------------------------------------------------------------------
References:
[ 1 ] Release Notes from ProFTPD
http://proftpd.org/docs/RELEASE_NOTES-1.3.3c
[ 2 ] News from ProFTPD
http://proftpd.org/docs/NEWS-1.3.3c
[ 3 ] Telnet IAC processing stack overflow
http://bugs.proftpd.org/show_bug.cgi?id=3521
[ 4 ] Bug 6365 - ProFTPd remote rootexploit
http://bugs.contribs.org/show_bug.cgi?id=6365
--------------------------------------------------------------------------------
Updated packages:
proftpd-1.3.3c-1.el5.i386.rpm
proftpd-1.3.3c-1.el5.src.rpm
This update can be installed with the Software Installer from the Server Manager.
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Software_Installer_Panel
--------------------------------------------------------------------------------
-
Hi,
I got this on my sme8b6 with contribs installed (sogo) and on a fresh installed sme8b6:
Please take a look on it, I dont know if this is a bug or not.
[root@sme8kvm ~]# yum update --exclude=libevent
Loaded plugins: fastestmirror, protect-packages, smeserver
Loading mirror speeds from cached hostfile
* base: mirror.atrpms.net
* smeaddons: sme-mirror.firewall-services.com
* smeextras: sme-mirror.firewall-services.com
* smeos: sme-mirror.firewall-services.com
* smeupdates: sme-mirror.firewall-services.com
* updates: mirror.silyus.net
Excluding Packages in global exclude list
Finished
Excluding Packages from CentOS - os
Finished
Excluding Packages from CentOS - updates
Finished
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package e-smith-backup.noarch 0:2.2.0-45.el5.sme set to be updated
---> Package e-smith-email.noarch 0:5.2.0-10.el5.sme set to be updated
---> Package e-smith-formmagick.noarch 0:2.2.0-4.el5.sme set to be updated
---> Package e-smith-hosts.noarch 0:2.2.0-6.el5.sme set to be updated
---> Package e-smith-pop3.noarch 0:2.2.0-3.el5.sme set to be updated
--> Processing Dependency: checkpassword-pam for package: e-smith-pop3
---> Package e-smith-proxy.noarch 0:5.2.0-4.el5.sme set to be updated
---> Package e-smith-qmail.noarch 0:2.2.0-5.el5.sme set to be updated
---> Package e2fsprogs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package e2fsprogs-libs.i386 0:1.39-23.el5_5.1 set to be updated
---> Package proftpd.i386 0:1.3.3c-1.el5 set to be updated
--> Processing Dependency: libGeoIP.so.1 for package: proftpd
---> Package python.i386 0:2.4.3-27.el5_5.3 set to be updated
---> Package smeserver-locale-bg.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-da.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-de.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-el.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-es.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-et.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-fr.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-he.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-hu.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-id.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-it.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-ja.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-nb.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-nl.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-pl.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-pt.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-pt_BR.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-ro.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-ru.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-sl.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-sv.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-th.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-tr.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-zh_CN.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-locale-zh_TW.noarch 0:2.2.0-35.el5.sme set to be updated
---> Package smeserver-yum.noarch 0:2.2.0-18.el5.sme set to be updated
--> Running transaction check
---> Package GeoIP.i386 0:1.4.7-0.1.20090931cvs.el5 set to be updated
---> Package e-smith-pop3.noarch 0:2.2.0-3.el5.sme set to be updated
--> Processing Dependency: checkpassword-pam for package: e-smith-pop3
--> Finished Dependency Resolution
e-smith-pop3-2.2.0-3.el5.sme.noarch from smeupdates has depsolving problems
--> Missing Dependency: checkpassword-pam is needed by package e-smith-pop3-2.2.0-3.el5.sme.noarch (smeupdates)
Error: Missing Dependency: checkpassword-pam is needed by package e-smith-pop3-2.2.0-3.el5.sme.noarch (smeupdates)
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.
-
I got this on my sme8b6 with contribs installed (sogo) and on a fresh installed sme8b6:
Please take a look on it, I dont know if this is a bug or not.
Issues with updates on SME Server 8 should always be reported as a bug. Please report a bug and post back a reference to it here. Thanks in advance.
-
OK,
http://bugs.contribs.org/show_bug.cgi?id=6367
-
Thanks, I'll follow-up in the bug but also a quick summary here.
After the security update for SME8 some verified packages were in the process of being moved to smeupdates, one of these had a dependency as shown above that had not been transferred at the same time. This has already been resolved, but will take some time (a few hours) to reach the mirrors.
-
Thanks.