Advisories

Mandriva Advisories

Package name	gftp
Date	March 4th, 2005
Advisory ID	MDKSA-2005:050
Affected versions	10.0, 10.1, CS2.1, CS3.0
Synopsis	Updated gftp packages fix vulnerability

Problem Description

A vulnerability in gftp could allow a malicious FTP server to
overwrite files on the local system as the user running gftp due to
improper handling of filenames containing slashes.

The updated packages are patched to deal with these issues.

Updated Packages

Mandrakelinux 10.0

 b39b15034eb4d3581c44e100af5d50f0  10.0/RPMS/gftp-2.0.16-4.1.100mdk.i586.rpm
 bee5bf5c5003046e739cc8dcd763b5b9  10.0/SRPMS/gftp-2.0.16-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 28e4cdeac10a8e809de0f9f5372f516a  amd64/10.0/RPMS/gftp-2.0.16-4.1.100mdk.amd64.rpm
 bee5bf5c5003046e739cc8dcd763b5b9  amd64/10.0/SRPMS/gftp-2.0.16-4.1.100mdk.src.rpm

Mandrakelinux 10.1

 629737a4dce0aa18c5c8682f4bc7dc76  10.1/RPMS/gftp-2.0.17-4.1.101mdk.i586.rpm
 a412997b5076bbfd58c53c5df23c7897  10.1/SRPMS/gftp-2.0.17-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 4d9ceebce6f39c2b426021301bfad778  x86_64/10.1/RPMS/gftp-2.0.17-4.1.101mdk.x86_64.rpm
 a412997b5076bbfd58c53c5df23c7897  x86_64/10.1/SRPMS/gftp-2.0.17-4.1.101mdk.src.rpm

Corporate Server 2.1

 812d8ec7003e0efb5ed4f31fade5461e  corporate/2.1/RPMS/gftp-2.0.13-2.1.C21mdk.i586.rpm
 73d1194548966c40acfa2f863b590778  corporate/2.1/SRPMS/gftp-2.0.13-2.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

 0e62f8cf63c1dfe52a8059c8890efe7d  x86_64/corporate/2.1/RPMS/gftp-2.0.13-2.1.C21mdk.x86_64.rpm
 73d1194548966c40acfa2f863b590778  x86_64/corporate/2.1/SRPMS/gftp-2.0.13-2.1.C21mdk.src.rpm

Corporate Server 3.0

 340f5735280f121bc35301b706d6077e  corporate/3.0/RPMS/gftp-2.0.16-4.1.C30mdk.i586.rpm
 15bc999abc88794605dc5df20adb50a4  corporate/3.0/SRPMS/gftp-2.0.16-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 9e21985c7ba6224eaa90fbdf9be50cd1  x86_64/corporate/3.0/RPMS/gftp-2.0.16-4.1.C30mdk.x86_64.rpm
 15bc999abc88794605dc5df20adb50a4  x86_64/corporate/3.0/SRPMS/gftp-2.0.16-4.1.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer