MGASA-2013-0024
Date: | February 6th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated proftpd packages fix security vulnerability:
It has been discovered that in ProFTPd, an FTP server, an attacker on the
same physical host as the server may be able to perform a symlink attack
allowing to elevate privileges in some configurations (CVE-2012-6095).
Updated Packages:
i586:
proftpd-1.3.3g-1.2.mga2.i586.rpm
proftpd-devel-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_autohost-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ban-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_case-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ctrls_admin-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_gss-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ifsession-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ldap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_load-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_file-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_ldap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_radius-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_radius-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ratio-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_rewrite-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sftp-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_shaper-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_site_misc-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_mysql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_passwd-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_postgres-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_time-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_tls-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_vroot-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap_file-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-debug-1.3.3g-1.2.mga2.i586.rpm
x86_64:
proftpd-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-devel-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_autohost-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ban-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_case-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ctrls_admin-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_gss-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ifsession-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ldap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_load-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_file-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_ldap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_radius-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_radius-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ratio-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_rewrite-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sftp-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_shaper-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_site_misc-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_mysql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_passwd-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_postgres-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_time-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_tls-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_vroot-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap_file-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-debug-1.3.3g-1.2.mga2.x86_64.rpm
SRPMS:
proftpd-1.3.3g-1.2.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
http://www.debian.org/security/2013/dsa-2606
https://bugs.mageia.org/show_bug.cgi?id=8691