Description: The remote host is missing an update to proftpd announced via advisory FEDORA-2009-13250.
For details, please visit the referenced advisories.
ChangeLog:
* Thu Dec 10 2009 Paul Howarth 1.3.2c-1
- Update to 1.3.2c, addressing the following issues:
  - SSL/TLS renegotiation vulnerability (CVE-2009-3555, bug 3324)
  - Failed database transaction can cause mod_quotatab to loop (bug 3228)
  - Segfault in mod_wrap (bug 3332)
  - sections can have problems (bug 3337)
  - mod_wrap2 segfaults when a valid user retries the USER command (bug 3341)
  - mod_auth_file handles 'getgroups' request incorrectly (bug 3347)
  - Segfault caused by scrubbing zero-length portion of memory (bug 3350)
- Drop upstreamed segfault patch
* Thu Dec 10 2009 Paul Howarth 1.3.2b-3
- Add patch for upstream bug 3350 - segfault on auth failures
* Wed Dec 9 2009 Paul Howarth 1.3.2b-2
- Reduce the mod_facts patch to the single commit addressing the issue with directory names with glob characters (#521634), avoiding introducing a further problem with (#544002)
References:
[ 1 ] Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation https://bugzilla.redhat.com/show_bug.cgi?id=533125
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update proftpd' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13250
CVSS Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P