From Mageia wiki

MGASA-2013-0024

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated proftpd packages fix a security vulnerability:

It has been discovered that in ProFTPd, an FTP server, an attacker on the
same physical host as the server may be able to perform a symlink attack
that allows them to elevate privileges in some configurations (CVE-2012-6095).


Updated Packages:
i586:
proftpd-1.3.3g-1.2.mga2.i586.rpm
proftpd-devel-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_autohost-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ban-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_case-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ctrls_admin-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_gss-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ifsession-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ldap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_load-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_file-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_ldap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_radius-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_quotatab_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_radius-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_ratio-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_rewrite-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sftp-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_shaper-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_site_misc-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_mysql-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_passwd-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_sql_postgres-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_time-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_tls-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_vroot-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap_file-1.3.3g-1.2.mga2.i586.rpm
proftpd-mod_wrap_sql-1.3.3g-1.2.mga2.i586.rpm
proftpd-debug-1.3.3g-1.2.mga2.i586.rpm

x86_64:
proftpd-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-devel-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_autohost-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ban-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_case-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ctrls_admin-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_gss-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ifsession-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ldap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_load-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_file-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_ldap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_radius-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_quotatab_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_radius-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_ratio-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_rewrite-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sftp-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_shaper-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_site_misc-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_mysql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_passwd-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_sql_postgres-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_time-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_tls-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_vroot-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap_file-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-mod_wrap_sql-1.3.3g-1.2.mga2.x86_64.rpm
proftpd-debug-1.3.3g-1.2.mga2.x86_64.rpm

SRPMS:
proftpd-1.3.3g-1.2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095
http://www.debian.org/security/2013/dsa-2606
https://bugs.mageia.org/show_bug.cgi?id=8691