![[LWN Logo]](/images/lc.png)
![[Timeline]](/images/Included.png)
|
|
|
|
Date: Fri, 23 Jun 2000 21:28:26 -0300 From: Security <secure@conectiva.com.br> To: bugtraq@securityfocus.com, lwn@lwn.net, bos-br@sekure.org Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release) ---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT (re-release) ---------------------------------------------------------------------- PACKAGE: wu-ftpd SUMMARY: Remote root compromise DATE : 2000-06-23 AFFECTED CONECTIVA VERSIONS : servidor-1.0 3.0 4.0 4.0es 4.1 4.2 5.0 DESCRIPTION This is a new release. Our previous -10cl didn't fix the problem. wu-ftpd package version 2.6.0 and below has a buffer overflow that can be remotely exploited and give an attacker root privileges on the remote machine. SOLUTION All users of wu-ftpd MUST upgrade immediately. The updated packages contain a patch to fix this vulnerability. Users of "Conectiva Linux 3.0" can use the packages supplied for "servidor-1.0". Please note that the -10cl packages released earlier today didn't correct this problem. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br