Current upstream maintenance release for the 1.3.5 series.
Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.
Please login to add feedback.
|submitted||2 years ago|
|in testing||2 years ago|
|in stable||2 years ago|
|modified||2 years ago|
|0||0||#1439693 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass|
|0||0||#1439696 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass [epel-all]|