Univention Bugzilla – Bug 50917
proftpd-dfsg: Multiple issues (4.3)
Last modified: 2020-03-11 13:57:28 CET
New Debian proftpd-dfsg 1.3.5b-4+deb9u4 fixes: This update addresses the following issues: * An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrator. The dereference occurs when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup. (CVE-2019-19269) * In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. (CVE-2020-9273)
Requires new MariaDB-10.1.44 as it was re-compiled after Bug #50924.
--- mirror/ftp/4.3/unmaintained/component/4.3-5-errata/source/proftpd-dfsg_1.3.5b-4+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-5/source/proftpd-dfsg_1.3.5b-4+deb9u4.dsc @@ -1,3 +1,17 @@ +1.3.5b-4+deb9u4 [Tue, 25 Feb 2020 22:43:05 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Ensure that we do not reuse already-destroyed memory pools during data + transfers (CVE-2020-9273) (Closes: #951800) + * Clear the data-transfer instigating command pool but keep a memory pool. + Fixes regression in the %{transfer-status} LogFormat functionality. + +1.3.5b-4+deb9u3 [Tue, 31 Dec 2019 11:06:16 +0100] Hilmar Preusse <hille42@web.de>: + + * Cherry pick patch from upstream: + - for upstream bug #861 (CVE-2019-19269) (Closes: #946345) + Patch named upstream_pull_861_CVE-2019-19269 + 1.3.5b-4+deb9u2 [Wed, 23 Oct 2019 23:34:50 +0200] Hilmar Preusse <hille42@web.de>: * Add patch from upstream to address CVE-2019-18217. <http://10.200.17.11/4.3-5/#8571837250115864386>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-5] 6bc3a6a02e Bug #50917: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) [4.3-5] 50e983ac48 Bug #50917: proftpd-dfsg 1.3.5b-4+deb9u4 doc/errata/staging/proftpd-dfsg.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
<http://errata.software-univention.de/ucs/4.3/657.html>