[SECURITY] Fedora 30 Update: pure-ftpd-1.0.49-5.fc30

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-fa83ea0492 2020-05-15 04:09:52.670510 -------------------------------------------------------------------------------- Name : pure-ftpd Product : Fedora 30 Version : 1.0.49 Release : 5.fc30 URL : http://www.pureftpd.org Summary : Lightweight, fast and secure FTP server Description : Pure-FTPd is a fast, production-quality, standard-comformant FTP server, based upon Troll-FTPd. Unlike other popular FTP servers, it has no known security flaw, it is really trivial to set up and it is especially designed for modern Linux and FreeBSD kernels (setfsuid, sendfile, capabilities) . Features include PAM support, IPv6, chroot()ed home directories, virtual domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded ports for passive downloads, UL/DL ratios, native LDAP and SQL support, Apache log files and more. Rebuild switches: --without ldap disable ldap support --without mysql disable mysql support --without pgsql disable postgresql support --without extauth disable external authentication --without tls disable SSL/TLS -------------------------------------------------------------------------------- Update Information: Fix CVE-2020-9365 and CVE-2020-9274 -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2020 Ond��ej Lyson��k <olysonek(a)redhat.com&gt; - 1.0.49-5 - Fix CVE-2020-9365 and CVE-2020-9274 - Resolves: rhbz#1828688 - Resolves: rhbz#1831059 * Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1.0.49-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1828687 - CVE-2020-9365 pure-ftpd: OOB read in pure_strcmp function in utils.c https://bugzilla.redhat.com/show_bug.cgi?id=1828687 [ 2 ] Bug #1831058 - CVE-2020-9274 pure-ftpd: uninitialized pointer in the diraliases linked list leads to denial of service or information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1831058 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-fa83ea0492' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------