![[LWN Logo]](/images/lwn.banner.gif)
Date: Sun, 26 Sep 1999 18:44:24 -0600 (MDT)
From: Dan Burcaw <dburcaw@terraplex.com>
To: lwn@lwn.net, news@macintouch.com, news@linuxtoday.com,
Subject: UPDATES: proftpd, beroftpd
The Yellow Dog Linux Security Team has just released a new version of
proftpd which fixes more security vulnerabilities. Also updated is another
ftp daemon, beroftpd. This version adds pam support which was missing in
the previous rpm.
Packages: proftpd, beroftpd
Date: August 29, 1999
Update: September 26, 1999
Problem:
A number of security vulnerabilities have been discovered in proftpd in
the past several weeks. We previously released updated packages which were
thought to have fixed all of the problems. The ProFTPD Development Group
has released proftpd 1.2.0pre7 which further fixes security problems in
their ftp server.
Aditionally, a new version of beroftpd is now available which fixes pam
support which the previous rpm lacked. You only need this new rpm if you
use beroftpd on your system.
proftpd is the default ftp server installed with Yellow Dog Linux. You
only need to upgrade it unless you have manually installed wu-ftpd
or beroftpd from the extras directory.
Urgency: HIGH
Solution: rpm -Uvh <file>
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/RPMS/proftpd-1.2.0pre7-1a.ppc.rpm
OR
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/champion-1.1/extras/RPMS/beroftpd-1.3.4-2a.ppc.rpm
Be sure to restart inetd once you have upgraded your ftp server. You can
do this by executing the following as root: /etc/rc.d/init.d/inet restart
Here are the md5 checksums of the update packages, please verify these
before installing the new packages by running: md5sum <file>
d6542f9df01b2e70bad4c5de49700b8b RPMS/proftpd-1.2.0pre7-1a.ppc.rpm
1429fe3b1740ffd8df329086e18d0989 extras/RPMS/beroftpd-1.3.4-2a.ppc.rpm
Users of Champion Server 1.0 can also, and are strongly advised to upgrade
their ftp server.
More information can be found from our errata page at:
http://www.yellowdoglinux.com/resources/errata_cs11.shtml
(We've recently updated the errata page to make it easier to find updates.
Suggestions on further improving it are welcome)