Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Fedora Core 1 Update: lftp (stable)
Posted by Philipp Esselbach on: 12/16/2003 06:50 AM [ Print | 0 comment(s) ]
Fedora Update Notification
FEDORA-2003-025
2003-12-12
---------------------------------------------------------------------
Name : lftp
Version : 2.6.10
Release : 1
Summary : A sophisticated file transfer program
Description :
LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
FEDORA-2003-025
2003-12-12
---------------------------------------------------------------------
Name : lftp
Version : 2.6.10
Release : 1
Summary : A sophisticated file transfer program
Description :
LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
---------------------------------------------------------------------
Update Information:
Ulf Härnhammar found a remotely-triggerable buffer overflow in lftp.
An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which upgrade lftp to a version which is not vulnerable to this issue.
Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue.
---------------------------------------------------------------------
* Fri Dec 12 2003 Nalin Dahyabhai <nalin redhat com> 2.6.10-1
- update to 2.6.10, which folds in the previous patches
- configure with --with-debug so that we get useful debug info
* Tue Dec 09 2003 Nalin Dahyabhai <nalin redhat com> 2.6.9-1
- include patch based on patch from Ulf Härnhammar to fix unsafe use of
sscanf when reading http directory listings (CAN-2003-0963)
- include patch based on patch from Ulf Härnhammar to fix compile warnings
modified based on input from Solar Designer
* Mon Dec 08 2003 Nalin Dahyabhai <nalin redhat com>
- update to 2.6.9
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b36e31c19e088ee086afc9c42dacd471 SRPMS/lftp-2.6.10-1.src.rpm
1a6ab3a0b3df685cc1354bf4740a7201 i386/lftp-2.6.10-1.i386.rpm
7c70562d0c91db1b15d21d0f56f32ea0 i386/debug/lftp-debuginfo-2.6.10-1.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
Update Information:
Ulf Härnhammar found a remotely-triggerable buffer overflow in lftp.
An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0963 to this issue.
Users of lftp are advised to upgrade to these erratum packages, which upgrade lftp to a version which is not vulnerable to this issue.
Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue.
---------------------------------------------------------------------
* Fri Dec 12 2003 Nalin Dahyabhai <nalin redhat com> 2.6.10-1
- update to 2.6.10, which folds in the previous patches
- configure with --with-debug so that we get useful debug info
* Tue Dec 09 2003 Nalin Dahyabhai <nalin redhat com> 2.6.9-1
- include patch based on patch from Ulf Härnhammar to fix unsafe use of
sscanf when reading http directory listings (CAN-2003-0963)
- include patch based on patch from Ulf Härnhammar to fix compile warnings
modified based on input from Solar Designer
* Mon Dec 08 2003 Nalin Dahyabhai <nalin redhat com>
- update to 2.6.9
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
b36e31c19e088ee086afc9c42dacd471 SRPMS/lftp-2.6.10-1.src.rpm
1a6ab3a0b3df685cc1354bf4740a7201 i386/lftp-2.6.10-1.i386.rpm
7c70562d0c91db1b15d21d0f56f32ea0 i386/debug/lftp-debuginfo-2.6.10-1.i386.rpm
This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
Related Threads
09/29/2007 09:59 AM: Dual booting Fedora Core 5 with Windows XP Pro? (5) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff
05/19/2007 11:37 PM: Windows 200/fedora core 6 dual boot problems (2) by nissanracer007
09/25/2006 10:38 PM: need driver for dlink g510 for fedora core 4 (5) by danleff
08/21/2006 10:47 PM: New, Need some help with Fedora Core 5 (1) by danleff
08/06/2006 09:03 PM: Help setting up a wireless USB Linksys card on Fedora Core 5 (1) by danleff
07/20/2006 11:01 PM: More Dual Booting Issues with Fedora Core 5 and Xp (3) by bergyman
07/09/2006 04:42 AM: Fedora Core 5 install w/ 2 hard drives (4) by atagar
05/25/2006 05:03 AM: Trying to install Fedora Core 5 on a Tyan Tiger 200T mo/bo (1) by danleff
05/31/2006 05:51 PM: Installing LAMP on Fedora Core 4 (5) by danleff
05/20/2006 05:45 AM: grub reports error 17 in fedora core 4/win98 (1) by danleff