Univention Bugzilla – Bug 38372
proftpd-dfsg: multiple issues (4.0)
Last modified: 2015-07-16 14:23:22 CEST
unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy (CVE-2015-3306)
Fix available in 1.3.4a-5+deb7u3
<https://security-tracker.debian.org/tracker/CVE-2015-3306>

repo_admin.py -U -p proftpd-dfsg -d wheezy -r 4.0-0-0 -s errata4.0-2
build-package-ng -r 4.0-0-0 -P ucs -s errata4.0-2 --no-pbuilder-update -p proftpd-dfsg

r61416 | Bug #38372: proftpd
2015-06-23-proftpd-dfsg.yaml

OK: zless /usr/share/doc/proftpd-basic/changelog.Debian.gz
OK: univention-install proftpd-basic=1.3.4a-5.42.201410221814
OK: univention-install proftpd-basic
OK: apt-get remove proftpd-basic
OK: univention-install proftpd-basic
OK: apt-get purge proftpd-basic
OK: univention-install proftpd-basic
OK: apt-get remove proftpd-basic
OK: apt-get purge proftpd-basic
OK: univention-install univention-ftp
OK: errata-announce -V 2015-06-23-proftpd-dfsg.yaml

FYI: As univention-ftp neither provides a proper LDAP integration, nor opens up the right ports in the firewall:
active mode requires the firewall to be disabled on the client
passive mode requires the firewall to be disabled on the server
iptables -P INPUT ACCEPT ; iptables -F INPUT

Tests (amd64): OK
Advisory: OK
<http://errata.univention.de/ucs/4.0/242.html>