lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Q0HJl-0004Zp-8i@titan.mandriva.com>
Date: Thu, 17 Mar 2011 18:49:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:046 ] pure-ftpd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:046
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : pure-ftpd
 Date    : March 17, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A security flaw was discovered in pure-ftpd which allows plaintext
 command injection over TLS (similar to CVE-2011-0411).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://www.postfix.org/CVE-2011-0411.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 ed4ae86475a00faaadbda5683ee496f5  2009.0/i586/pure-ftpd-1.0.21-8.1mdv2009.0.i586.rpm
 0dea42dbd5958a0a4a4e8a47d020062a  2009.0/i586/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.i586.rpm
 3f3c60fbe60ffa16a542ae78868042c1  2009.0/i586/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.i586.rpm 
 32f302505171f7d7801acec8e0aac0ab  2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 9fbbd20ce659012dcef2ea534b3e065c  2009.0/x86_64/pure-ftpd-1.0.21-8.1mdv2009.0.x86_64.rpm
 d953ece1911ad4f744b5fe5f704c2e9e  2009.0/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdv2009.0.x86_64.rpm
 fd131923aa12607939a33ab0d5a47690  2009.0/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdv2009.0.x86_64.rpm 
 32f302505171f7d7801acec8e0aac0ab  2009.0/SRPMS/pure-ftpd-1.0.21-8.1mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 580032400f3f536b90509404bfa5ff50  2010.0/i586/pure-ftpd-1.0.22-1.1mdv2010.0.i586.rpm
 05fe3428a8378f9c7e8282d9e62c9fdf  2010.0/i586/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.i586.rpm
 8e63f703e071bf7f819b98cb96eeab1d  2010.0/i586/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.i586.rpm 
 5370b6f3148695cae7d37dd7a79c4158  2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 897957ada6eadf9e87bae3e26ff442fe  2010.0/x86_64/pure-ftpd-1.0.22-1.1mdv2010.0.x86_64.rpm
 add9ece828990b566192691992e43cc6  2010.0/x86_64/pure-ftpd-anon-upload-1.0.22-1.1mdv2010.0.x86_64.rpm
 6c82671449daf5c7b9d6e40c4c33939b  2010.0/x86_64/pure-ftpd-anonymous-1.0.22-1.1mdv2010.0.x86_64.rpm 
 5370b6f3148695cae7d37dd7a79c4158  2010.0/SRPMS/pure-ftpd-1.0.22-1.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 441c80d9c965274c99d34fce9a4bb6ca  2010.1/i586/pure-ftpd-1.0.29-2.1mdv2010.2.i586.rpm
 f73c5b101a3100fa5ccf7be95cb820c1  2010.1/i586/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.i586.rpm
 1bf7c0076615559f213f9e90aabe1ee3  2010.1/i586/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.i586.rpm 
 77f0d44baa44e8abc0a5393154d1e347  2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 7f83617195a06fe87d4fe91f78256ea8  2010.1/x86_64/pure-ftpd-1.0.29-2.1mdv2010.2.x86_64.rpm
 d0428e106e4c4233a266b62b1208f63e  2010.1/x86_64/pure-ftpd-anon-upload-1.0.29-2.1mdv2010.2.x86_64.rpm
 04a2e708f8334b33fda7975f72c9afd0  2010.1/x86_64/pure-ftpd-anonymous-1.0.29-2.1mdv2010.2.x86_64.rpm 
 77f0d44baa44e8abc0a5393154d1e347  2010.1/SRPMS/pure-ftpd-1.0.29-2.1mdv2010.2.src.rpm

 Corporate 4.0:
 2054ec719cbd8c9be8ad7e9bc654f79e  corporate/4.0/i586/pure-ftpd-1.0.20-7.1.20060mlcs4.i586.rpm
 2614d3560204ffb498f6c49453442d05  corporate/4.0/i586/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.i586.rpm
 1fb356298d6a5c4b50b6822e8dde3e0b  corporate/4.0/i586/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.i586.rpm 
 63859bd845934e2d382fd2406a1fd9f7  corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b4d4edc6889d96135330b98057bf5396  corporate/4.0/x86_64/pure-ftpd-1.0.20-7.1.20060mlcs4.x86_64.rpm
 99ffba7cc4e729a617ca45a10baa9125  corporate/4.0/x86_64/pure-ftpd-anon-upload-1.0.20-7.1.20060mlcs4.x86_64.rpm
 b84684dfd4166dcf6def917014355b76  corporate/4.0/x86_64/pure-ftpd-anonymous-1.0.20-7.1.20060mlcs4.x86_64.rpm 
 63859bd845934e2d382fd2406a1fd9f7  corporate/4.0/SRPMS/pure-ftpd-1.0.20-7.1.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 3e3694e0220ab4cfc55b3d0614443d5d  mes5/i586/pure-ftpd-1.0.21-8.1mdvmes5.2.i586.rpm
 c281cdd9b6ab44f956802cbd9d327e36  mes5/i586/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.i586.rpm
 ab25c5522a053fddf570a7af29f79db7  mes5/i586/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.i586.rpm 
 71436d40f9fe4780edc71f326a71324c  mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 dd4fbf6ccb18a342b91b2bdc07048fd9  mes5/x86_64/pure-ftpd-1.0.21-8.1mdvmes5.2.x86_64.rpm
 70a0f49eaca5fd8f7a80967810fbfb7d  mes5/x86_64/pure-ftpd-anon-upload-1.0.21-8.1mdvmes5.2.x86_64.rpm
 7e6c3b99218158806d3c747f781a449b  mes5/x86_64/pure-ftpd-anonymous-1.0.21-8.1mdvmes5.2.x86_64.rpm 
 71436d40f9fe4780edc71f326a71324c  mes5/SRPMS/pure-ftpd-1.0.21-8.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNghiJmqjQ0CJFipgRAmfEAJ4h4GUCYRRxPThbwS8OU/Nidb5IIwCgzjQL
Rdh2CJ9ld+U6AJmffwFyQO4=
=tWH8
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ