
[SECURITY] [DLA 4077-1] proftpd-dfsg security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4077-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
March 02, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : proftpd-dfsg
Version        : 1.3.7a+dfsg-12+deb11u5
CVE ID         : CVE-2024-57392
Debian Bug     : 1090813

proftpd, a popular FTP server, was affected by a vulnerability.

CVE-2024-57392:

    Buffer Overflow vulnerability in Proftpd allowed a remote
    attacker to execute arbitrary code and cause a
    Denial of Service (DoS) on the FTP service by sending a
    maliciously crafted message to the ProFTPD service port.

Moreover, this release includes some bug fixes:
- upstream issue #1171
  "Downloading a file contains the contents of another file."
- Fix the computation of the RADIUS Message-Authenticator
  signature to conform more properly to RFC 2869. Fix
  Blastradius breakage.

For Debian 11 bullseye, this problem has been fixed in version
1.3.7a+dfsg-12+deb11u5.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/proftpd-dfsg

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS