2009年12月14日

[installer 2168] ProFTPD 1.3.2c, 1.3.3rc3

ProFTPD 1.3.2c, 1.3.3rc3 出ています。

SSL/TLS renegotiation の MITM の回避施策が含まれています。

☆ ProFTPD 1.3.2c
http://www.proftpd.org/
ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2c.tar.gz

1.3.2c - Released 10-Dec-2009
--------------------------------
- Bug 3324 - Vulnerability in SSL/TLS protocol during renegotiation
(CVE-2009-3555).
- Bug 3328 - Failed database transaction can cause mod_quotatab to loop
endlessly.
- Bug 3332 - Segfault in mod_wrap when TCPAccessFiles do not exist and client
sends USER for account which does not exist.
- Bug 3337 - <Directory> sections with a trailing directory name of one
character have <Limit> problems. This is a regression caused by Bug#3146.
- Bug 3341 - mod_wrap2 segfaults when a valid user retries the USER command.
- Bug 3350 - Segfault caused by scrubbing zero-length portion of memory.
- Bug 3347 - mod_auth_file handles 'getgroups' request incorrectly.
- Bug 3351 - Nonchrooted logins on HPUX do not get proper UID/GID.


☆ ProFTPD 1.3.3rc3
http://www.proftpd.org/
ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.3rc3.tar.gz

1.3.3rc3 - Released 10-Dec-2009
--------------------------------
- Bug 3303 - FileZilla reports "Server did not properly shut down TLS
connection" after TimeoutIdle triggered.
- Bug 3305 - Emulate Solaris 10 syslog "header" on Solaris 10 servers.
- Bug 3307 - All FTP logins treated as anonymous logins.
- Bug 3312 - Uploading via SFTP/SCP to FIFO whose reader is closed causes
session to hang.
- Bug 3313 - Uploading via SFTP to FIFOs fails due to illegal lseek(2),
truncate(2) calls.
- Bug 3314 - Downloading from FIFOs via SFTP/SCP fails.
- Bug 3315 - Support the %u variable in SFTPAuthorizedUserKeys paths.
- Bug 3316 - Messages from PAM modules are ignored when authenticating SSH
clients via 'keyboard-interactive'.
- Bug 3317 - mod_wrap/libwrap should honor SyslogFacility setting.
- Bug 3311 - configure script should automatically detect when -ldl is needed
by OpenSSL.
- Bug 3324 - Vulnerability in SSL/TLS protocol during renegotiation
(CVE-2009-3555).
- Bug 3327 - Clear external SSL session caches on server restart/shutdown.
- Bug 3326 - Shared memory segment used for session cache should be protected
via mlock(2).
- Bug 3322 - Support the "version-select" SFTP extension.
- Bug 3321 - Support the "check-file-name" and "check-file-handle" SFTP
extensions.
- Bug 3320 - Support the "copy-file" SFTP extension.
- Bug 3328 - Failed database transaction can cause mod_quotatab to loop
endlessly.
- Bug 3307 - Transparently handle the X-variant commands when checking <Limit>
permissions. The fix for this issue has been reimplemented to be more
transparent; some existing configurations were broken by the previous
implementation.
- Bug 3329 - Support the "vendor-id" SFTP extension.
- Bug 3332 - Segfault in mod_wrap when TCPAccessFiles do not exist and client
sends USER for account which does not exist.
- Bug 3333 - mod_sql_mysql should support calling stored procedures better.
- Bug 3337 - <Directory> sections with a trailing directory name of one
character have <Limit> problems. This is regression caused by Bug#3146.
- Bug 3331 - Update bundled libtool to 2.2.4.
- Bug 3341 - mod_wrap2 segfaults when a valid user retries the USER command.
- Bug 3342 - FEAT response contains LF without preceding CR.
- Bug 3306 - ECONNREFUSED while handling SIGHUP.
- Bug 3345 - mod_sftp returns EACCES rather than ENOENT for an OPEN request
for a nonexistent file.
- Bug 3344 - Support SHA256, SHA512 passwords in databases.
- Bug 3348 - Rewriting of home directories via RewriteHome does not work for
chrooted sessions.
- Bug 3349 - SSL_SESSION_cmp not available in OpenSSL 1.0.0 betas.
- Bug 3350 - Segfault caused by scrubbing zero-length portion of memory.
- Bug 3347 - mod_auth_file handles 'getgroups' request incorrectly.
- Bug 3351 - Nonchrooted logins on HPUX do not get proper UID/GID.
- Bug 3352 - mod_sftp does not reject/close connections that have been rejected
by mod_wrap.

----
こがよういちろう


投稿者 xml-rpc : 2009年12月14日 19:21
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/91391
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。