openSUSE-SU-2020:0865-1

Published: 25 Jun. 2020
Source: suse-cvrf

Description

Security update for uftpd

This update for uftpd fixes the following issues:

uftpd was updated to version 2.12.

Changes:

  • Use common log message format and log level when user enters an invalid path. This unfortunately affects changes introduced in v2.11 to increase logging at default log level.

Security fixes:

  • CVE-2020-14149: When entering an invalid directory with the FTP command CWD, a NULL pointer was dereferenced in a DBG() message even though the log level was set to a value lower than LOG_DEBUG. This crashed uftpd, causing a denial of service. Depending on the init/inetd system used, this could be permanent. (boo#1172959)

Package list

openSUSE Leap 15.1
uftpd-2.12-lp151.2.6.1

Description

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.


Affected products
openSUSE Leap 15.1:uftpd-2.12-lp151.2.6.1

References