openSUSE-SU-2020:0069-1

Опубликовано: 18 янв. 2020

Источник: suse-cvrf

Описание

Security update for uftpd

This update for uftpd to version 2.11 fixes the following issues:

CVE-2020-5204: Fixed a buffer overflow in FTP PORT parser (boo#1160199).
Fixed additional bugs which could have security implications.

Список пакетов

openSUSE Leap 15.1

uftpd-2.11-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IDYGZ633D4H5UECALITDGXDPUI2GPPSA/
E-Mail link for openSUSE-SU-2020:0069-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1160199
SUSE Bug 1160199
https://www.suse.com/security/cve/CVE-2020-5204/
SUSE CVE CVE-2020-5204 page

Описание

In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11

Затронутые продукты

openSUSE Leap 15.1:uftpd-2.11-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-5204.html
CVE-2020-5204
https://bugzilla.suse.com/1160199
SUSE Bug 1160199
https://bugzilla.suse.com/1161667
SUSE Bug 1161667
https://bugzilla.suse.com/1180249
SUSE Bug 1180249

openSUSE-SU-2020:0069-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-5204

Описание

Затронутые продукты

Ссылки