Bug#697524: proftpd-basic: Apply upstream bugfix for upstream bug #3841 – Possible symlink race when applying UserOwner
Jann Horn
jannhorn at googlemail.com
Sun Jan 6 15:19:13 UTC 2013
Package: proftpd-basic
Version: 1.3.4a-2+b1
Severity: normal
Tags: security
There's a symlink race that could lead to root access in some configurations. See here:
http://bugs.proftpd.org/show_bug.cgi?id=3841
There's an upstream bugfix, so that should probably be backported.
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.6.7 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages proftpd-basic depends on:
ii adduser 3.113+nmu3
ii debconf 1.5.49
ii debianutils 4.3.2
ii libacl1 2.2.51-8
ii libc6 2.13-37
ii libcap2 1:2.22-1.2
ii libncurses5 5.9-10
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libpcre3 1:8.30-5
ii libssl1.0.0 1.0.1c-4
ii libtinfo5 5.9-10
ii libwrap0 7.6.q-24
ii netbase 5.0
ii sed 4.2.1-10
ii ucf 3.0025+nmu3
ii update-inetd 4.43
ii zlib1g 1:1.2.7.dfsg-13
proftpd-basic recommends no packages.
Versions of packages proftpd-basic suggests:
ii openbsd-inetd [inet-superserver] 0.20091229-2
ii openssl 1.0.1c-4
pn proftpd-doc <none>
pn proftpd-mod-ldap <none>
pn proftpd-mod-mysql <none>
pn proftpd-mod-odbc <none>
pn proftpd-mod-pgsql <none>
pn proftpd-mod-sqlite <none>
-- debconf information excluded