Date: Sun, 26 Sep 1999 18:44:24 -0600 (MDT)
From: Dan Burcaw <dburcaw@terraplex.com>
To: lwn@lwn.net, news@macintouch.com, news@linuxtoday.com,
Subject: UPDATES: proftpd, beroftpd

The Yellow Dog Linux Security Team has just released a new version of proftpd which fixes more security vulnerabilities. Also updated is another ftp daemon, beroftpd. This version adds pam support which was missing in the previous rpm.

Packages: proftpd, beroftpd
Date: August 29, 1999
Update: September 26, 1999

Problem:

A number of security vulnerabilities have been discovered in proftpd in the past several weeks. We previously released updated packages which were thought to have fixed all of the problems. The ProFTPD Development Group has released proftpd 1.2.0pre7 which further fixes security problems in their ftp server.

Additionally, a new version of beroftpd is now available which fixes pam support which the previous rpm lacked. You only need this new rpm if you use beroftpd on your system.

proftpd is the default ftp server installed with Yellow Dog Linux. You need to upgrade it unless you have manually installed wu-ftpd or beroftpd from the extras directory.

Urgency: HIGH

Solution:

    rpm -Uvh <file>

    ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/proftpd-1.2.0pre7-1a.ppc.rpm
    OR
    ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/beroftpd-1.3.4-2a.ppc.rpm

Be sure to restart inetd once you have upgraded your ftp server. You can do this by executing the following as root:

    /etc/rc.d/init.d/inet restart

Here are the md5 checksums of the update packages. Please verify these before installing the new packages by running:

    md5sum <file>

    d6542f9df01b2e70bad4c5de49700b8b  RPMS/proftpd-1.2.0pre7-1a.ppc.rpm
    1429fe3b1740ffd8df329086e18d0989  extras/RPMS/beroftpd-1.3.4-2a.ppc.rpm

Users of Champion Server 1.0 can also upgrade their ftp server, and are strongly advised to do so.

More information can be found on our errata page at:

    http://www.yellowdoglinux.com/resources/errata_cs11.shtml

(We've recently updated the errata page to make it easier to find updates. Suggestions on further improving it are welcome.)
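
The verification step the advisory asks for, as an added example that is not part of the original advisory: a shell script that compares each downloaded package against the MD5 values listed above and prints the install command only when every file matches. The function names and script layout are assumptions; the checksums and file names are copied from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): gate "rpm -Uvh" on the published MD5 sums.
# Checksums and file names are copied from the advisory text.
ADVISORY_SUMS='d6542f9df01b2e70bad4c5de49700b8b  proftpd-1.2.0pre7-1a.ppc.rpm
1429fe3b1740ffd8df329086e18d0989  beroftpd-1.3.4-2a.ppc.rpm'

# expected_md5 NAME: print the advisory checksum for NAME; fail if NAME is not listed.
expected_md5() {
    printf '%s\n' "$ADVISORY_SUMS" |
        awk -v f="$1" '$2 == f { print $1; found = 1 } END { exit !found }'
}

# verify_pkg PATH [EXPECTED]: 0 = match, 1 = mismatch, 2 = missing file or unlisted name.
# EXPECTED overrides the advisory lookup (hypothetical parameter, used for testing).
verify_pkg() {
    pkg=$1
    [ -f "$pkg" ] || { echo "missing: $pkg" >&2; return 2; }
    want=${2:-}
    if [ -z "$want" ]; then
        want=$(expected_md5 "$(basename "$pkg")") ||
            { echo "not listed in advisory: $pkg" >&2; return 2; }
    fi
    got=$(md5sum "$pkg" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $pkg"
        return 0
    fi
    echo "MISMATCH: $pkg (got $got, advisory lists $want)" >&2
    return 1
}

# verify_all PATH...: check every file, report all failures, fail if any failed.
verify_all() {
    rc=0
    for p in "$@"; do
        verify_pkg "$p" || rc=1
    done
    return "$rc"
}

# Run as: sh verify.sh proftpd-1.2.0pre7-1a.ppc.rpm
if [ "$#" -gt 0 ]; then
    verify_all "$@" && echo "all checksums match; install with: rpm -Uvh $*"
fi
```

A truncated or altered download keeps its file name but not its digest, so the script reports a mismatch and never prints the install command.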