[FEDORA-2009-13250] Fedora 12: proftpd
This update addresses CVE-2009-3555 (SSL/TLS renegotiation vulnerability),
mitigating the problem by refusing all client-initiated SSL/TLS session
renegotiations. This update to the latest maintenance release also fixes a
number of bugs recorded in the proftpd bug tracker: - SSL/TLS renegotiation
vulnerability (CVE-2009-3555, bug 3324) - Failed database transaction can cause
mod_quotatab to loop (bug 3228) - Segfault in mod_wrap (bug 3332) -
<Directory> sections can have <Limit> problems (bug 3337) - mod_wrap2 segfaults
when a valid user retries the USER command (bug 3341) - mod_auth_file handles
'getgroups' request incorrectly (bug 3347) - Segfault caused by scrubbing zero-
length portion of memory (bug 3350) Finally, the behaviour of the MLSD FTP
command (used in many modern FTP clients to list directories) is fixed for the
case when the FTP server's configuration disallows its usage (using a <Limit>
clause) in some but not all places (#544002).
Package | Affected Version |
---|---|
pkg:rpm/fedora/proftpd?distro=fedora-12 | < 1.3.2c.1.fc12 |
- ID
- FEDORA-2009-13250
- Severity
- medium
- Severity from
- CVE-2009-3555
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2009-13250
- Published
-
2009-12-27T20:24:34
(14 years ago) - Modified
-
2009-12-27T20:24:34
(14 years ago) - Rights
- Copyright 2009 Red Hat, Inc.
- Other Advisories
-
- CISCO-SA-20091105-CVE-2009-3555
- CISCO-SA-20091109-TLS
- DSA-3253-1
- ELSA-2009-1579
- ELSA-2010-0162
- ELSA-2010-0164
- ELSA-2010-0165
- ELSA-2010-0166
- ELSA-2010-0339
- ELSA-2010-0768
- FEDORA-2009-12229
- FEDORA-2009-12305
- FEDORA-2009-12604
- FEDORA-2009-12606
- FEDORA-2009-12747
- FEDORA-2009-12750
- FEDORA-2009-12775
- FEDORA-2009-12782
- FEDORA-2009-12968
- FEDORA-2009-13236
- FEDORA-2010-1127
- FEDORA-2010-15989
- FEDORA-2010-16240
- FEDORA-2010-16294
- FEDORA-2010-16312
- FEDORA-2010-17220
- FEDORA-2010-17826
- FEDORA-2010-3905
- FEDORA-2010-3929
- FEDORA-2010-3956
- FEDORA-2010-5357
- FEDORA-2010-5942
- FEDORA-2010-6025
- FEDORA-2010-6039
- FEDORA-2010-6055
- FEDORA-2010-6131
- FEDORA-2010-6279
- FEDORA-2010-8742
- FEDORA-2010-9421
- FEDORA-2010-9487
- FEDORA-2010-9518
- FEDORA-2010-9639
- FREEBSD:9CCFEE39-3C3B-11DF-9EDC-000F20797EDE
- GLSA-200912-01
- GLSA-201006-18
- GLSA-201110-05
- GLSA-201203-22
- GLSA-201206-18
- GLSA-201301-01
- GLSA-201309-15
- GLSA-201311-13
- GLSA-201406-32
- MAVEN:GHSA-F7W7-6PJC-WWM6
- NGINX:CVE-2009-3555
- RHSA-2010:0865
- RHSA-2010:0987
- SECADV-20091105-1
- SSA:2009-320-01
- SSA:2010-067-01
- USN-1010-1
- USN-860-1
- USN-923-1
- USN-927-1
- USN-927-4
- USN-927-6
- USN-990-1
- USN-990-2
- VU:120541
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 533125 | Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation | https://bugzilla.redhat.com/show_bug.cgi?id=533125 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/proftpd?distro=fedora-12 | fedora | proftpd | < 1.3.2c.1.fc12 | fedora-12 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |