Cristian Gafton
writes:
-----BEGIN PGP SIGNED MESSAGE----- A security vulnerability has been identified in all versions of the ftp client binary shipped with Red Hat Linux. An exploit for this vulnerability would have to rely on getting the user to connect using passive mode to a server running a ftp daemon under the attacker's control. As of this release time there are no known exploits of this security problem. All users of Red Hat Linux are encouraged to upgrade to the new package releases immediately. As always, these packages have been signed with the Red Hat PGP key. Red Hat Linux 5.0, 5.1 and 5.2: =============================== alpha: rpm -Uvh ftp://updates.redhat.com/5.2/alpha/ftp-0.10-4.alpha.rpm i386: rpm -Uvh ftp://updates.redhat.com/5.2/i386/ftp-0.10-4.i386.rpm sparc: rpm -Uvh ftp://updates.redhat.com/5.2/sparc/ftp-0.10-4.sparc.rpm Source rpm: rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/ftp-0.10-4.src.rpm Red Hat Linux 4.2: ================== alpha: rpm -Uvh ftp://updates.redhat.com/4.2/alpha/NetKit-B-0.09-9.alpha.rpm i386: rpm -Uvh ftp://updates.redhat.com/4.2/i386/NetKit-B-0.09-9.i386.rpm sparc: rpm -Uvh ftp://updates.redhat.com/4.2/sparc/NetKit-B-0.09-9.sparc.rpm Source rpm: rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/NetKit-B-0.09-9.src.rpm -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNnhlUvGvxKXU9NkBAQEcTAP/UD6oyM0VkWF5DxunMyevVPbHIyevN0tR sWrBKlwgeUACrOJNr7gJdKycfi/H03Y0cknOStEbBGY7pQq7x6uN1gs5ICRnDded qD7s17xgN7bfrkoidvJvm7H9ZBsB0NMPdOUUUdgGRqOwngR7MCA3f9M8B7UkSHcE 5LOcUf+LLbQ= =5mtf -----END PGP SIGNATURE----- Cristian