Friday 21st February 2020
Fedora Project
Updated proftpd (1.3.5e) in EPEL-7:
- Fix compatibility with modern SFTP clients like FileZilla:
  - mod_sftp: When handling the 'keyboard-interactive' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT and UNIMPLEMENTED messages, per RFC 4253 (ProFTPD Bug#4385)
- Fix use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)
  - Backported fix from https://github.com/proftpd/proftpd/commit/e845abc1
Updated proftpd (1.3.3g) in EPEL-6:
- Fix use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)
  - Backported fix from https://github.com/proftpd/proftpd/commit/e845abc1
Local Packages
Updated perl-Module-CoreList to 5.20200220:
- Updated for v5.31.9
Updated ppp to 2.4.8:
- New pppd options have been added:
  - ifname, to set the name for the PPP interface device
  - defaultroute-metric, to set the metric for the default route
  - defaultroute6, to add an IPv6 default route (with nodefaultroute6 to prevent adding an IPv6 default route)
  - up_sdnotify, to have pppd notify systemd when the link is up
- The rp-pppoe plugin has new options:
  - host-uniq, to set the Host-Uniq value to send
  - pppoe-padi-timeout, to set the timeout for discovery packets
  - pppoe-padi-attempts, to set the number of discovery attempts
- Added the CLASS attribute in radius packets
- Sundry bug fixes
- Fixed warnings and issues found by static analysis
- Added Submitting-patches.md
- A patch was added to fix a buffer overflow in the eap_request and eap_response functions (CVE-2020-8597)