Univention Bugzilla – Bug 50876
proftpd-dfsg: Multiple issues (4.4)
Last modified: 2020-03-11 14:42:05 CET
New Debian proftpd-dfsg 1.3.5b-4+deb9u4 fixes: This update addresses the following issues: * An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. (CVE-2019-19269) * In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. (CVE-2020-9273)
--- mirror/ftp/4.4/unmaintained/4.4-3/source/proftpd-dfsg_1.3.5b-4+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/proftpd-dfsg_1.3.5b-4+deb9u4.dsc @@ -1,3 +1,17 @@ +1.3.5b-4+deb9u4 [Tue, 25 Feb 2020 22:43:05 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Ensure that we do not reuse already-destroyed memory pools during data + transfers (CVE-2020-9273) (Closes: #951800) + * Clear the data-transfer instigating command pool but keep a memory pool. + Fixes regression in the %{transfer-status} LogFormat functionality. + +1.3.5b-4+deb9u3 [Tue, 31 Dec 2019 11:06:16 +0100] Hilmar Preusse <hille42@web.de>: + + * Cherry pick patch from upstream: + - for upstream bug #861 (CVE-2019-19269) (Closes: #946345) + Patch named upstream_pull_861_CVE-2019-19269 + 1.3.5b-4+deb9u2 [Wed, 23 Oct 2019 23:34:50 +0200] Hilmar Preusse <hille42@web.de>: * Add patch from upstream to address CVE-2019-18217. <http://10.200.17.11/4.4-3/#2467343062219912264>
Requires new MariaDB-10.1.44 as it was re-compiled after Bug #50863.
OK: yaml OK: announce_errata OK: patch ~OK: piuparts due to pending MariaDB-10.1.14 update OK: apt install -t apt univention-ftp [4.4-3] b56f01c232 Bug #50876: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) [4.4-3] 57c0b2b980 Bug #50876: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<http://errata.software-univention.de/ucs/4.4/479.html>