Current upstream maintenance release for the 1.3.5 series.
Includes fix for CVE-2017-7418, where not all path elements were checked for symlinks when using a chroot, so attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link.
sudo dnf upgrade --advisory=FEDORA-EPEL-2017-f057518fbd
|submitted||2 years ago|
|in testing||2 years ago|
|in stable||2 years ago|
|modified||2 years ago|
|0||0||#1439693 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass|
|0||0||#1439696 CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass [epel-all]|