[ubuntu/focal-updates] proftpd-dfsg 1.3.6c-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Feb 25 14:58:46 UTC 2025
proftpd-dfsg (1.3.6c-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: terrapin attack
- d/p/CVE-2023-48795/only-send-an-SSH-EXT_INFO-message-if-supported.patch:
only send an SSH-EXT_INFO message if supported
- d/p/CVE-2023-48795/implement-the-strict-KEX-mitigation.patch:
implement the strict KEX mitigation
- CVE-2023-48795
* SECURITY UPDATE: out of bound read causes daemon crash
- d/p/CVE-2023-51713.patch: skip parsing quote backslash sequence
- CVE-2023-51713
* ignore-supplemental-groups-when-run-as-nonroot.patch: fix dropping privs
when running as non-root
* SECURITY UPDATE: privilege escalation due to missing group checks
- d/p/CVE-2024-48651.patch: only set group for daemon to primary gid
- CVE-2024-48651
* fix-radius-signature-for-RFC-2869.patch: fix the computation of the RADIUS
Message-Authenticator signature to conform more properly to RFC 2869
Date: 2025-02-06 08:07:24.209438+00:00
Changed-By: Sudhakar Verma <sudhakar.verma at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/proftpd-dfsg/1.3.6c-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list