- Issued:
- 2007-11-15
- Updated:
- 2007-11-15
RHBA-2007:0793 - Bug Fix Advisory
Synopsis
vsftpd bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated vsftpd packages that fix various bugs are now available.
Description
The vsftpd package includes a Very Secure FTP (File Transfer Protocol)
daemon.
These updated packages fix the following issues:
- files uploaded by anonymous users were given incorrect permissions even
if a umask was set using "anon_umask=" in vsftpd.conf.
- using wildcards in conjunction with the 'ls' command did not return all
the filenames it should. For example, if you FTPed into a directory
containing three files -- A1, A21 and A11 -- and ran 'ls *1", only the
filenames A1 and A21 were returned. The updated package now uses greedier
code that continues to speculatively scan for items even after matches have
been found.
- when "user_config_dir=" is enabled in vsftpd.conf, the following error
occurred after entering your password during the log in process:
500 OOPS: reading non-root config file Login failed. 421 Service not
available, remote server has closed connection
All vsftpd users should upgrade to these updated packages, which resolve
these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 244864 - vsftpd file listing issue with wildcard
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| vsftpd-2.0.1-5.EL4.7.src.rpm | SHA-256: ef687e5011d9c945f4b6e8e1adff77aabf1e552d24efbd3dc0aebf5d060bb464 |
| x86_64 | |
| vsftpd-2.0.1-5.EL4.7.x86_64.rpm | SHA-256: 516310824a4b1e0ae610a1efc2eccebf12641ed4daa4c9fd705655f4c938c348 |
| vsftpd-2.0.1-5.EL4.7.x86_64.rpm | SHA-256: 516310824a4b1e0ae610a1efc2eccebf12641ed4daa4c9fd705655f4c938c348 |
| ia64 | |
| vsftpd-2.0.1-5.EL4.7.ia64.rpm | SHA-256: f6fad52b4e1568151c9f23786ef0e521a97697b573aafac69bfe4f2c8f0ab454 |
| vsftpd-2.0.1-5.EL4.7.ia64.rpm | SHA-256: f6fad52b4e1568151c9f23786ef0e521a97697b573aafac69bfe4f2c8f0ab454 |
| i386 | |
| vsftpd-2.0.1-5.EL4.7.i386.rpm | SHA-256: 947f34f96eafaa72f0d6108253291b32bdc65f50c837221e3a979a35e2cacf25 |
| vsftpd-2.0.1-5.EL4.7.i386.rpm | SHA-256: 947f34f96eafaa72f0d6108253291b32bdc65f50c837221e3a979a35e2cacf25 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| vsftpd-2.0.1-5.EL4.7.src.rpm | SHA-256: ef687e5011d9c945f4b6e8e1adff77aabf1e552d24efbd3dc0aebf5d060bb464 |
| s390x | |
| vsftpd-2.0.1-5.EL4.7.s390x.rpm | SHA-256: 177176724efe7e42def15c259d9f77c72ae5adec4dee998841276bba0ef5de32 |
| s390 | |
| vsftpd-2.0.1-5.EL4.7.s390.rpm | SHA-256: 2c7546b1298996080a6226a22a8d7d750ae719934a5673a13ea6bcdc009f46f0 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| vsftpd-2.0.1-5.EL4.7.src.rpm | SHA-256: ef687e5011d9c945f4b6e8e1adff77aabf1e552d24efbd3dc0aebf5d060bb464 |
| ppc | |
| vsftpd-2.0.1-5.EL4.7.ppc.rpm | SHA-256: 789d87db0ab064b570de7d8099c6b5b93c09c8a417857393d552bf3cea6c535a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
