Bug 38372 - proftpd-dfsg: multiple issues (4.0)
proftpd-dfsg: multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P2 normal (vote)
: UCS 4.0-2-errata
Assigned To: Philipp Hahn
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-04-27 14:49 CEST by Arvid Requate
Modified: 2015-07-16 14:23 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-04-27 14:49:58 CEST
unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy (CVE-2015-3306)
Comment 1 Arvid Requate univentionstaff 2015-05-20 14:12:35 CEST
Fixed available in 1.3.4a-5+deb7u3
Comment 2 Philipp Hahn univentionstaff 2015-06-23 12:58:23 CEST
<https://security-tracker.debian.org/tracker/CVE-2015-3306>
repo_admin.py -U -p proftpd-dfsg -d wheezy -r 4.0-0-0 -s errata4.0-2
build-package-ng -r 4.0-0-0 -P ucs -s errata4.0-2 --no-pbuilder-update -p proftpd-dfsg

r61416 | Bug #38372: proftpd
 2015-06-23-proftpd-dfsg.yaml

OK: zless /usr/share/doc/proftpd-basic/changelog.Debian.gz
OK: univention-install proftpd-basic=1.3.4a-5.42.201410221814
OK: univention-install proftpd-basic
OK: apt-get remove proftpd-basic
OK: univention-install proftpd-basic
OK: apt-get purge proftpd-basic
OK: univention-install proftpd-basic
OK: apt-get remove proftpd-basic
OK: apt-get purge proftpd-basic
OK: univention-install univention-ftp
OK: errata-announce -V 2015-06-23-proftpd-dfsg.yaml

FYI: As univention-ftp neither provides a proper LDAP integration, nor opens up the right ports in the firewall:
 active mode requires the firewall to be disabled on the client
 passive mode requires the firewall to be disabled on the server
 iptables -P INPUT ACCEPT ; iptables -F INPUT
Comment 3 Janek Walkenhorst univentionstaff 2015-07-15 19:06:32 CEST
Tests (amd64): OK
Advisory: OK
Comment 4 Janek Walkenhorst univentionstaff 2015-07-16 14:23:22 CEST
<http://errata.univention.de/ucs/4.0/242.html>