RHBA-2012:1452 - Bug Fix Advisory

Topic

Updated ftp packages that two bugs and add one enhancement are now available for
Red Hat Enterprise Linux 6.

Description

The ftp packages provide the standard UNIX command line File Transfer Protocol
(FTP) client. FTP is a widely used protocol for transferring files over the
Internet, and for archiving files.

This update fixes the following bugs:

• Previous implementation of FTP did not free the memory allocated for its

commands correctly. Consequently, memory leaks occurred whenever the "append",
"put" and "send" commands were run. With this update, the underlying source code
has been corrected and allocated memory is now freed as expected. (BZ#871072)

• Previously, the size of the buffer used for an FTP macro definition was

limited to 200 characters. Therefore, if the size of the macro was larger than
200 characters, the buffer overflowed and the FTP client terminated
unexpectedly. This update extends the buffer of the FTP macro to match the size
of the FTP command line limit, which is now 4296 characters. The FTP client no
longer crashes in this scenario. (BZ#871547)

Additionally, this update adds the following enhancement:

• Previously, the command line width in the FTP client was limited to 200

characters. With this update, the maximum possible length of the FTP command
line has been extended to 4296 characters. (BZ#871060)

All users of ftp are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement.

Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.3 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.3 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.3 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.3 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

CVEs

(none)

References

(none)