--------------------------------------------------------------------------------
SME Server Update Notification
2010-11-13
--------------------------------------------------------------------------------
Name : proftpd
Product : SME 8
Version : 1.3.3c
Release : 1.el5
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.
This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by xinetd instead are included.
--------------------------------------------------------------------------------
Update Information:
The ProFTPD Project team has released 1.3.3c to the community. This is an
important security release, containing fixes for a Telnet IAC handling
vulnerability and a directory traversal vulnerability in the mod_site_misc
module. References [1] & [2] below contain the full details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 01 2010 Paul Howarth <paul@city-fan.org> 1.3.3c-1
- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
--------------------------------------------------------------------------------
References:
[ 1 ] Release Notes from ProFTPD
http://proftpd.org/docs/RELEASE_NOTES-1.3.3c
[ 2 ] News from ProFTPD
http://proftpd.org/docs/NEWS-1.3.3c
[ 3 ] Telnet IAC processing stack overflow
http://bugs.proftpd.org/show_bug.cgi?id=3521
[ 4 ] Bug 6365 - ProFTPd remote root exploit
http://bugs.contribs.org/show_bug.cgi?id=6365
--------------------------------------------------------------------------------
Updated packages:
proftpd-1.3.3c-1.el5.i386.rpm
proftpd-1.3.3c-1.el5.src.rpm
This update can be installed with the Software Installer from the Server Manager.
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Software_Installer_Panel
--------------------------------------------------------------------------------