Facebook
Twitter
S
steff0815
Guest
There are more than one Vulnerability. Here i listed only things that can be fixed.
Why do you need so long time parallels to fix all these thing in your packages?
1. ProFTPD
1.1. ProFTPD Long Command Handling Security Vulnerability
Affected Software/OS
roFTPD Project versions 1.2.x on Linux, ProFTPD Project versions 1.3.x on Linux
Fix : Fixed is available in the SVN repository --> http://www.proftpd.org/cvs.html
1.2. ProFTPD Server SQL Injection Vulnerability
Affected Software/OS: ProFTPD Server version 1.3.1 through 1.3.2rc2
Fix: Upgrade to the latest version 1.3.2rc3, http://www.proftpd.org/
1.3. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Affected Software/OS: Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable
Fix: Upgrade to the latest version 1.3.2rc3, http://www.proftpd.org/
2. Apache
2.1. Apache mod_proxy_http.c Denial Of Service Vulnerability
Affected Software/OS: Apache HTTP Server version prior to 2.3.3
Fix: Fixed in the SVN repository. http://svn.apache.org/viewvc?view=revbr>
2.2. Apache mod_deflate Denial Of Service Vulnerability
Affected Software/OS: Apache HTTP Server version 2.2.11 and prior
Fix: Fixed in the SVN repository. http://svn.apache.org/viewvc?view=revbr>
3. OpenSSH
3.1. OpenSSH CBC Mode Information Disclosure Vulnerability
Affected Software/OS: Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia are also affected.
Fix: Upgrade to higher version, http://www.openssh.com/portable.html
I think you need to update your packages as quickly as possible.
First of all the psa-proftp package!!!!!!!!
Why do you need so long time parallels to fix all these thing in your packages?
1. ProFTPD
1.1. ProFTPD Long Command Handling Security Vulnerability
Affected Software/OS
roFTPD Project versions 1.2.x on Linux, ProFTPD Project versions 1.3.x on LinuxFix : Fixed is available in the SVN repository --> http://www.proftpd.org/cvs.html
1.2. ProFTPD Server SQL Injection Vulnerability
Affected Software/OS: ProFTPD Server version 1.3.1 through 1.3.2rc2
Fix: Upgrade to the latest version 1.3.2rc3, http://www.proftpd.org/
1.3. ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
Affected Software/OS: Versions prior to ProFTPD 1.3.2b and 1.3.3 to 1.3.3.rc1 are vulnerable
Fix: Upgrade to the latest version 1.3.2rc3, http://www.proftpd.org/
2. Apache
2.1. Apache mod_proxy_http.c Denial Of Service Vulnerability
Affected Software/OS: Apache HTTP Server version prior to 2.3.3
Fix: Fixed in the SVN repository. http://svn.apache.org/viewvc?view=revbr>
2.2. Apache mod_deflate Denial Of Service Vulnerability
Affected Software/OS: Apache HTTP Server version 2.2.11 and prior
Fix: Fixed in the SVN repository. http://svn.apache.org/viewvc?view=revbr>
3. OpenSSH
3.1. OpenSSH CBC Mode Information Disclosure Vulnerability
Affected Software/OS: Versions prior to OpenSSH 5.2 are vulnerable. Various versions of SSH Tectia are also affected.
Fix: Upgrade to higher version, http://www.openssh.com/portable.html
I think you need to update your packages as quickly as possible.
First of all the psa-proftp package!!!!!!!!
