From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1925-1                      [email protected]
http://www.debian.org/security/                           Steffen Joeris
October 31, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : proftpd-dfsg
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-3639
It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,
does not properly handle a '\0' character in a domain name in the
Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.1-17lenny4.
For the oldstable distribution (etch), this problem has been fixed in
version 1.3.0-19etch3.
Binaries for the amd64 architecture will be released once they are
available.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 1.3.2a-2.
We recommend that you upgrade your proftpd-dfsg packages.
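
The handling problem described above, as an added illustration (not ProFTPD's or Debian's code): a dNSName is a length-counted ASN.1 string, so comparing it with C string functions stops at an embedded '\0' and ignores the rest. The struct dns_name type, the function names and the sample values are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for a decoded dNSName: ASN.1 strings carry an
 * explicit length and may contain any byte, including 0x00. */
struct dns_name {
    const char *data;
    size_t len;
};

/* Weak form: treats the value as a C string, so the comparison stops at
 * the first NUL and everything after it is silently ignored. */
int match_naive(const struct dns_name *san, const char *expected)
{
    return strcasecmp(san->data, expected) == 0;
}

/* Hardened form: a name containing an embedded NUL is rejected outright,
 * and the comparison covers the full ASN.1 length. */
int match_strict(const struct dns_name *san, const char *expected)
{
    size_t elen = strlen(expected);

    if (san->len == 0 || memchr(san->data, '\0', san->len) != NULL)
        return 0;
    if (san->len != elen)
        return 0;
    return strncasecmp(san->data, expected, elen) == 0;
}

/* Constructed sample values (not taken from any real certificate). */
static const char SAN_NUL[] = "client.example.org\0.other.example";
static const char SAN_OK[]  = "client.example.org";

const struct dns_name san_with_nul = { SAN_NUL, sizeof(SAN_NUL) - 1 };
const struct dns_name san_clean    = { SAN_OK,  sizeof(SAN_OK)  - 1 };

int main(void)
{
    /* Exit status 0 when the naive check accepts the NUL-bearing name
     * and the strict check rejects it while still accepting the clean one. */
    return !(match_naive(&san_with_nul, "client.example.org") &&
             !match_strict(&san_with_nul, "client.example.org") &&
             match_strict(&san_clean, "client.example.org"));
}
```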
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]