FEDORA-EPEL-2017-f057518fbd

security update in Fedora EPEL 7 for proftpd

Status: stable 2 years ago

Current upstream maintenance release for the 1.3.5 series.

Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.
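The class of check described above, as an added illustration (not ProFTPD's code and not part of the original update notice): a symlink test that looks only at the last path component passes a path whose intermediate directory is a symlink, while a test that calls `lstat()` on every component catches it. The function names and the temporary directory layout are constructed for this example.

```python
import os
import stat
import tempfile


def last_component_is_symlink(path):
    """Weak check: lstat() only the final component of the path."""
    return stat.S_ISLNK(os.lstat(path).st_mode)


def first_symlink_component(path):
    """Strict check: lstat() every component in turn.

    Returns the first component that is a symlink, or None if there is none.
    """
    current = os.sep
    for part in os.path.abspath(path).split(os.sep):
        if not part:
            continue
        current = os.path.join(current, part)
        if stat.S_ISLNK(os.lstat(current).st_mode):
            return current
    return None


def build_sample_tree():
    """Constructed layout: <base>/home/user is a real directory and
    <base>/link is a symlink pointing at <base>/home."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="chroot-demo-"))
    os.makedirs(os.path.join(base, "home", "user"))
    os.symlink(os.path.join(base, "home"), os.path.join(base, "link"))
    return base


if __name__ == "__main__":
    base = build_sample_tree()
    target = os.path.join(base, "link", "user")
    print("last component is symlink:", last_component_is_symlink(target))
    print("first symlink component:  ", first_symlink_component(target))
```

A check of this kind is separate from the later use of the path, so a component can still be swapped between the two; treat it as a way to audit directory trees, not as a replacement for installing the fixed package.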

Comments 7

This update has been submitted for testing by pghmcfc.

This update has obsoleted proftpd-1.3.5e-1.el7, and has inherited its bugs and notes.

pghmcfc edited this update.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for stable by pghmcfc.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -1)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates: submitted 2 years ago; in testing 2 years ago; in stable 2 years ago; modified 2 years ago

Related Bugs 2

#1439693 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass
#1439696 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass [epel-all]
