Mailinglist Archive: opensuse-updates (64 mails)

< Previous Next >
openSUSE-SU-2013:1563-1: moderate: proftpd: security and bugfix update to 1.3.4d
openSUSE Security Update: proftpd: security and bugfix update to 1.3.4d
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1563-1
Rating: moderate
References: #787884 #811793 #843444
Cross-References: CVE-2013-4359
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:


proftpd was updated to 1.3.4d.
* Fixed broken build when using --disable-ipv6 configure
option
* Fixed mod_sql "SQLAuthType Backend" MySQL issues
- fix for bnc#843444 (CVE-2013-4359)
* http://bugs.proftpd.org/show_bug.cgi?id=3973
* add proftpd-sftp-kbdint-max-responses-bug3973.patch

- Improve systemd service file
- use upstream tmpfiles.d file. related to [bnc#811793]
- Use /run instead of /var/run

- update to 1.3.4c
* Added Spanish translation.
* Fixed several mod_sftp issues, including
SFTPPassPhraseProvider, handling of symlinks for
REALPATH requests, and response code logging.
* Fixed symlink race for creating directories when
UserOwner is in effect.
* Increased performance of FTP directory listings.
- rebase and rename patches (remove version string)
* proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
* proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
* proftpd-1.3.4a-strip.patch -> proftpd-strip.patch

- fix proftpd.conf (rebase basic.conf patch)
* IdentLookups is now a seperate module <IfModule
mod_ident.c> IdentLookups on/off </IfModule> is needed
and module is not built cause crrodriguez disabled it.

- fix for bnc#787884
(https://bugzilla.novell.com/show_bug.cgi?id=787884)
* added extra Source proftpd.conf.tmpfile

- Disable ident lookups, this protocol is totally obsolete
and dangerous. (add --disable-ident)
- Fix debug info generation ( add --disable-strip)

- Add systemd unit

- update to 1.3.4b
+ Fixed mod_ldap segfault on login when LDAPUsers with no
filters used.
+ Fixed sporadic SFTP upload issues for large files.
+ Fixed SSH2 handling for some clients (e.g. OpenVMS).
+ New FactsOptions directive; see
doc/modules/mod_facts.html#FactsOptions
+ Fixed build errors on Tru64, AIX, Cygwin.
- add Source Signatuire (.asc) file
- add noBuildDate patch
- add lang pkg
* --enable-nls
- add configure option
* --enable-openssl, --with-lastlog


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-778

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-778

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

proftpd-1.3.4d-4.4.5
proftpd-debuginfo-1.3.4d-4.4.5
proftpd-debugsource-1.3.4d-4.4.5
proftpd-devel-1.3.4d-4.4.5
proftpd-doc-1.3.4d-4.4.5
proftpd-ldap-1.3.4d-4.4.5
proftpd-ldap-debuginfo-1.3.4d-4.4.5
proftpd-mysql-1.3.4d-4.4.5
proftpd-mysql-debuginfo-1.3.4d-4.4.5
proftpd-pgsql-1.3.4d-4.4.5
proftpd-pgsql-debuginfo-1.3.4d-4.4.5
proftpd-radius-1.3.4d-4.4.5
proftpd-radius-debuginfo-1.3.4d-4.4.5
proftpd-sqlite-1.3.4d-4.4.5
proftpd-sqlite-debuginfo-1.3.4d-4.4.5

- openSUSE 12.3 (noarch):

proftpd-lang-1.3.4d-4.4.5

- openSUSE 12.2 (i586 x86_64):

proftpd-1.3.4d-2.5.1
proftpd-debuginfo-1.3.4d-2.5.1
proftpd-debugsource-1.3.4d-2.5.1
proftpd-devel-1.3.4d-2.5.1
proftpd-doc-1.3.4d-2.5.1
proftpd-ldap-1.3.4d-2.5.1
proftpd-ldap-debuginfo-1.3.4d-2.5.1
proftpd-mysql-1.3.4d-2.5.1
proftpd-mysql-debuginfo-1.3.4d-2.5.1
proftpd-pgsql-1.3.4d-2.5.1
proftpd-pgsql-debuginfo-1.3.4d-2.5.1
proftpd-radius-1.3.4d-2.5.1
proftpd-radius-debuginfo-1.3.4d-2.5.1
proftpd-sqlite-1.3.4d-2.5.1
proftpd-sqlite-debuginfo-1.3.4d-2.5.1

- openSUSE 12.2 (noarch):

proftpd-lang-1.3.4d-2.5.1


References:

http://support.novell.com/security/cve/CVE-2013-4359.html
https://bugzilla.novell.com/787884
https://bugzilla.novell.com/811793
https://bugzilla.novell.com/843444


< Previous Next >
This Thread
  • No further messages