Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

    PaulHowarth/Blog/2020-02-19

Wednesday 19th February 2020

Fedora Project

  • Updated perl-Net-SSLeay (1.88) with some spec file clean-ups from Tom Stellard (PR#1)

  • Updated proftpd to 1.3.6c in F-30, F-31, F-32, Rawhide and EPEL-8:

    • Use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)

    • Fix mod_tls compilation with LibreSSL 2.9.x (GH#810)

    • MaxClientsPerUser was not enforced for SFTP logins when mod_digest was enabled (GH#750)

    • mod_sftp now handles an OpenSSH-specific private key format; it detects such keys, and logs a hint about reformatting them to a supported format (GH#793)

    • Directory listing was slower compared to previous ProFTPD versions (GH#793)

    • mod_sftp crashed when using pubkey-auth with DSA keys (GH#866)

    • Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270, GH#859)

    • Leaking PAM handler and data in case of unsuccessful authentication (GH#870)

    • SSH authentication failed for many clients due to receiving of SSH_MSG_IGNORE packet (ProFTPD Bug#4385)

    • SFTP publickey authentication failed unexpectedly when user had no shadow password info. (GH#890)

    • ftpasswd failed to restore password file permissions in some cases (GH#898)

    • Out-of-bounds read in mod_cap getstateflags() function; this has been addressed by updating the bundled version of libcap (CVE-2020-9272, GH#902)

    • Note that the Fedora builds of ProFTPD uses the system version of libcap and not the bundled version, and are not vulnerable to this issue

Local Packages

  • Updated proftpd to 1.3.6c as per the Fedora version

Recent