SUSE-SU-2025:1028-1

Published: 26 Mar 2025
Source: suse-cvrf

Description

Security update for proftpd

This update for proftpd fixes the following issues:

  • CVE-2024-57392: Fixed null pointer dereference vulnerability triggered by sending a maliciously crafted message (bsc#1238143).
  • CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 (bsc#1238141).

Package list

SUSE Linux Enterprise Module for Server Applications 15 SP6
proftpd-1.3.8b-150600.13.6.1
proftpd-devel-1.3.8b-150600.13.6.1
proftpd-doc-1.3.8b-150600.13.6.1
proftpd-lang-1.3.8b-150600.13.6.1
proftpd-ldap-1.3.8b-150600.13.6.1
proftpd-mysql-1.3.8b-150600.13.6.1
proftpd-pgsql-1.3.8b-150600.13.6.1
proftpd-radius-1.3.8b-150600.13.6.1
proftpd-sqlite-1.3.8b-150600.13.6.1
openSUSE Leap 15.6
proftpd-1.3.8b-150600.13.6.1
proftpd-devel-1.3.8b-150600.13.6.1
proftpd-doc-1.3.8b-150600.13.6.1
proftpd-lang-1.3.8b-150600.13.6.1
proftpd-ldap-1.3.8b-150600.13.6.1
proftpd-mysql-1.3.8b-150600.13.6.1
proftpd-pgsql-1.3.8b-150600.13.6.1
proftpd-radius-1.3.8b-150600.13.6.1
proftpd-sqlite-1.3.8b-150600.13.6.1

Description

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-devel-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-doc-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-lang-1.3.8b-150600.13.6.1

Description

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-devel-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-doc-1.3.8b-150600.13.6.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:proftpd-lang-1.3.8b-150600.13.6.1