---

Security vulnerability in the ftp client program

Cristian Gafton writes:

A security vulnerability has been identified in all versions of the ftp
client binary shipped with Red Hat Linux.  An exploit for this vulnerability
would have to rely on getting the user to connect using passive mode to a
server running an ftp daemon under the attacker's control.  As of this release
time there are no known exploits of this security problem.

All users of Red Hat Linux are encouraged to upgrade to the new package
releases immediately.  As always, these packages have been signed with the
Red Hat PGP key.

Red Hat Linux 5.0, 5.1 and 5.2:
===============================

alpha:
rpm -Uvh ftp://updates.redhat.com/5.2/alpha/ftp-0.10-4.alpha.rpm

i386:
rpm -Uvh ftp://updates.redhat.com/5.2/i386/ftp-0.10-4.i386.rpm

sparc:
rpm -Uvh ftp://updates.redhat.com/5.2/sparc/ftp-0.10-4.sparc.rpm

Source rpm:
rpm -Uvh ftp://updates.redhat.com/5.2/SRPMS/ftp-0.10-4.src.rpm

Red Hat Linux 4.2:
==================

alpha:
rpm -Uvh ftp://updates.redhat.com/4.2/alpha/NetKit-B-0.09-9.alpha.rpm

i386:
rpm -Uvh ftp://updates.redhat.com/4.2/i386/NetKit-B-0.09-9.i386.rpm

sparc:
rpm -Uvh ftp://updates.redhat.com/4.2/sparc/NetKit-B-0.09-9.sparc.rpm

Source rpm:
rpm -Uvh ftp://updates.redhat.com/4.2/SRPMS/NetKit-B-0.09-9.src.rpm


Cristian
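
As an added example (not part of the advisory and not Red Hat tooling), the Python check below flags hosts still running a build older than the fixed packages named above. It assumes input lines produced by `rpm -q --queryformat '%{NAME} %{VERSION} %{RELEASE}\n' ftp NetKit-B`; the ordering is a simplified form of rpm's version comparison, and the sample inventory is constructed.

```python
import re

# Fixed builds, taken from the advisory: (version, release) per package name.
FIXED = {
    "ftp": ("0.10", "4"),       # Red Hat Linux 5.0, 5.1 and 5.2
    "NetKit-B": ("0.09", "9"),  # Red Hat Linux 4.2
}

def _segments(s):
    # rpm orders by maximal runs of digits or letters; separators are ignored.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style ordering (assumption: no epoch, '~' or '^')."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 0.10 is newer than 0.9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(name, version, release):
    """True if the installed build predates the advisory's fixed build."""
    if name not in FIXED:
        return False                         # not covered by this advisory
    fixed_version, fixed_release = FIXED[name]
    order = vercmp(version, fixed_version)
    return order < 0 or (order == 0 and vercmp(release, fixed_release) < 0)

def audit(lines):
    """Return the 'name version release' lines that still need the update."""
    flagged = []
    for line in lines:
        fields = line.split()
        if len(fields) == 3 and needs_update(*fields):  # skips "not installed" text
            flagged.append(line)
    return flagged

# Constructed sample inventory, not real host data.
SAMPLE = ["ftp 0.10 3", "ftp 0.10 4", "NetKit-B 0.09 6", "NetKit-B 0.09 9",
          "package ftp is not installed"]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print("needs update:", line)
```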