To: debian-user@lists.debian.org
cc: debian-devel@lists.debian.org
Subject: Debian FTP Security Update
Date: Wed, 10 Feb 1999 11:13:11 -0500
From: Johnie Ingram <johnie@netgod.net>


-----BEGIN PGP SIGNED MESSAGE-----

A security problem has been found in proftpd and wu-ftpd-academ.  It
allows a user, once logged in, to potentially execute commands as root.  This
is the Palmetto bug reported by Netect, and should be fixed as soon as
possible.  (http://www.netect.com/advisory_0209.html)


Debian 2.0 
- --------

PROFTPD:

i386:
   wget http://netgod.net/debian/security/proftpd_1.2.0pre1-2_i386.deb
   dpkg --install proftpd_1.2.0pre1-2_i386.deb

m68k:
   wget http://netgod.net/debian/security/proftpd_1.2.0pre1-2_m68k.deb
   dpkg --install proftpd_1.2.0pre1-2_m68k.deb

WU-FTPD:

i386:
   wget http://netgod.net/debian/security/wu-ftpd-academ_2.4.2.16-12.2_i386.deb
   dpkg --install wu-ftpd-academ_2.4.2.16-12.2_i386.deb

Debian 2.1 Beta
- -------------

   The "slink" and "potato" releases already include a secure proftpd
   1.2.0pre1-1. For wu-ftpd download and install the package above.


These packages will be in place for regular dselect and APT upgrades
by tomorrow.

The wu-ftpd package above includes the security patch from Olaf Kirch.
The proftpd package is source from Flood's CVS which includes the
patch at ftp.proftpd.org.  Thanks to Jordan Ritter of Netect for
detailing this bug, and to these authors for fixing it.


6fa9921e694972015d4e3d34184c4f2b  proftpd_1.2.0pre1-2_i386.deb
52053f8b9f348ff1929db91951cf394f  proftpd_1.2.0pre1-2_m68k.deb
b851adb345917a6f92e8b03f8cc97ff2  wu-ftpd-academ_2.4.2.16-12.2_i386.deb


- ---------------------  PGP  E4 70 6E 59 80 6A F5 78  63 32 BC FB 7A 08 53 4C
 
   __ _    Debian GNU         Johnie Ingram <johnie@netgod.net>      mm   mm
  / /(_)_ __  _   ___  __       www.netgod.net irc.debian.org         mm mm
 / / | | '_ \| | | \ \/ /                                             m m m
/ /__| | | | | |_| |>  <      World Domination, of course.           mm   mm
\____/_|_| |_|\__,_/_/\_\           And scantily clad females.       GO BLUE

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: latin1

iQCVAwUBNsGvuhCswmGWXGp9AQGcIgP/TRm5zWAfqk3hjO1ahilo7XfVFltMd33G
Kd+QkJ1TzWb1He9KArG1ZZeUoLDBk6f7pCk2ox7p+fAuXfLUC2F11VD+JYUgHhGy
ySbp5mM+A9XzCCb7WkIpKdkiTbkA2UErpumfM2tUAvf1AVNNvAmM/elfZpcrT/9C
hDJeTEf1n18=
=ssG1
-----END PGP SIGNATURE-----
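
Added example, not part of the original announcement or of any Debian tool: one way to check the downloaded .deb files against the MD5 lines listed in the message before running dpkg --install. It assumes the mail has been saved to a text file and its PGP signature verified separately; the function names are hypothetical.

```python
import hashlib
import re
import sys
from pathlib import Path

# md5sum-style line as listed in the advisory: "<32 hex digits>  <name>.deb"
SUM_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.deb)$")

def parse_manifest(advisory_text):
    """Return {filename: md5hex} for each checksum line in the mail body."""
    manifest = {}
    for line in advisory_text.splitlines():
        m = SUM_LINE.match(line.strip())
        if not m:
            continue  # prose, headers, PGP armor and fingerprint lines
        digest, name = m.groups()
        # Reject names that could resolve outside the download directory.
        if "/" in name or name.startswith("."):
            raise ValueError(f"unsafe file name in manifest: {name!r}")
        manifest[name] = digest
    return manifest

def md5_of(path):
    """Hex MD5 of a file; the packages are small enough to read at once."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def check_downloads(advisory_text, directory, wanted):
    """Map each wanted package to 'ok', 'mismatch', 'missing' or 'unlisted'."""
    manifest = parse_manifest(advisory_text)
    results = {}
    for name in wanted:
        path = Path(directory) / name
        if name not in manifest:
            results[name] = "unlisted"
        elif not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == manifest[name] else "mismatch"
    return results

def safe_to_install(results):
    """True only when at least one package was checked and all verified."""
    return bool(results) and all(v == "ok" for v in results.values())

# Usage: python verify.py ADVISORY.txt PACKAGE.deb [PACKAGE.deb ...]
if __name__ == "__main__" and len(sys.argv) > 2:
    res = check_downloads(Path(sys.argv[1]).read_text(errors="replace"), ".", sys.argv[2:])
    print(res)
    sys.exit(0 if safe_to_install(res) else 1)
```

The script exits non-zero unless every named package is listed in the message and matches its sum, so it can gate the dpkg step.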

