FEDORA-EPEL-2016-bafacd5846

security update in Fedora EPEL 5 for proftpd

Status: stable 3 years ago

This update fixes issues with selection of inappropriate DH parameters, which could lead to encrypted traffic being more easily decrypted than it should be.

The update also adds support for specifying TLSv1.1 and TLSv1.2, and fixes an SUID/SGID directory permission setting regression introduced with an earlier update addressing CVE-2012-6095.

Comments 8

This update has been submitted for testing by pghmcfc.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

pghmcfc edited this update.

New build(s):

  • proftpd-1.3.3g-6.el5

Removed build(s):

  • proftpd-1.3.3g-5.el5

This update has been submitted for testing by pghmcfc.

This update has been pushed to testing.

This update has been submitted for stable by pghmcfc.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
low
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 4

00 #1281493 Unable to use TLSv1.1 or TLSv1.2 protocol when TLSProtocol is set to TLSv1
00 #1297264 Backport fix for handling/propagation of SUID/SGID bits from parent directory
00 #1317420 CVE-2016-3125 proftpd: usage of 1024 bit DH key even with manual parameters set
00 #1317422 CVE-2016-3125 proftpd: usage of 1024 bit DH key even with manual parameters set [epel-all]

Automated Test Results