Conectiva Linux Security Announcement – WU-FTPD (re-release)

[ Thanks to Andreas Hasenack for this
link. ]

———————————————————————-

CONECTIVA LINUX SECURITY ANNOUNCEMENT (re-release)
———————————————————————-

PACKAGE: wu-ftpd
SUMMARY: Remote root compromise
DATE : 2000-06-23
AFFECTED CONECTIVA VERSIONS : servidor-1.0 3.0 4.0 4.0es 4.1 4.2
5.0

DESCRIPTION
This is a new release. Our previous -10cl release didn’t fix the
problem. wu-ftpd package version 2.6.0 and below has a buffer
overflow that can be remotely exploited and give an attacker root
privileges on the remote machine.

SOLUTION
All users of wu-ftpd MUST upgrade immediately. The updated packages
contain a patch to fix this vulnerability. Users of “Conectiva
Linux 3.0” can use the packages supplied for “servidor-1.0”. Please
note that the -10cl packages released earlier today didn’t correct
this problem.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/i386/wu-ftpd-2.6.0-11cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/servidor-1.0/SRPMS/wu-ftpd-2.6.0-11cl.i386.rpm

All packages are signed with Conectiva’s PGP key. The key can be
obtained at
http://www.conectiva.com.br/conectiva/contato.html

subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br

unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br