Fedora Linux 8485 Published by

Updated ProFTPD and Python-Asyncssh packages are available for Fedora Linux:

Fedora 38 Update: proftpd-1.3.8b-1.fc38
Fedora 39 Update: python-asyncssh-2.14.2-1.fc39
Fedora 39 Update: proftpd-1.3.8b-1.fc39




Fedora 38 Update: proftpd-1.3.8b-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-b87ec6cf47
2023-12-30 01:30:19.049399
--------------------------------------------------------------------------------

Name : proftpd
Product : Fedora 38
Version : 1.3.8b
Release : 1.fc38
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by systemd instead are included.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting
mod_sftp.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Paul Howarth - 1.3.8b-1
- Update to 1.3.8b
- Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 failed
(GH#1735)
- Build system failed for specific module names (GH#1756)
- "Terrapin" Prefix Truncation Attacks in SSH Specification affected mod_sftp
(CVE-2023-48795, GH#1760)
* Fri Dec 8 2023 Florian Weimer [fweimer@redhat.com] - 1.3.8a-2
- Additional C compatibility fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-b87ec6cf47' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: python-asyncssh-2.14.2-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-e77300e4b5
2023-12-30 01:20:53.296310
--------------------------------------------------------------------------------

Name : python-asyncssh
Product : Fedora 39
Version : 2.14.2
Release : 1.fc39
URL : https://github.com/ronf/asyncssh
Summary : Asynchronous SSH for Python
Description :
Python 3 library for asynchronous client and
server-side SSH communication. It uses the Python asyncio module and
implements many SSH protocol features such as the various channels,
SFTP, SCP, forwarding, session multiplexing over a connection and more.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-48795
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 21 2023 Georg Sauthoff [mail@gms.tf] - 2.14.2-1
- Update to latest upstream version (fixes fedora#2255038)
- Fix CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (fixes fedora#2254210)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-e77300e4b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 39 Update: proftpd-1.3.8b-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-153404713b
2023-12-30 01:20:53.296279
--------------------------------------------------------------------------------

Name : proftpd
Product : Fedora 39
Version : 1.3.8b
Release : 1.fc39
URL : http://www.proftpd.org/
Summary : Flexible, stable and highly-configurable FTP server
Description :
ProFTPD is an enhanced FTP server with a focus toward simplicity, security,
and ease of configuration. It features a very Apache-like configuration
syntax, and a highly customizable server infrastructure, including support for
multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory
visibility.

This package defaults to the standalone behavior of ProFTPD, but all the
needed scripts to have it run by systemd instead are included.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-48795 (Terrapin SSH protocol attack), affecting
mod_sftp.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 20 2023 Paul Howarth - 1.3.8b-1
- Update to 1.3.8b
- Compiling ProFTPD 1.3.8a mod_sftp, mod_tls using libressl 3.7.3 failed
(GH#1735)
- Build system failed for specific module names (GH#1756)
- "Terrapin" Prefix Truncation Attacks in SSH Specification affected mod_sftp
(CVE-2023-48795, GH#1760)
* Fri Dec 8 2023 Florian Weimer [fweimer@redhat.com] - 1.3.8a-2
- Additional C compatibility fix
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2254210 - CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-153404713b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--