Bug 12890
Summary: | wu-ftpd remote hole (PATCH) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Pekka Savola <pekkas> | ||||
Component: | wu-ftpd | Assignee: | Bernhard Rosenkraenzer <bero> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 6.2 | CC: | gedetil | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2000-06-23 22:07:11 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Pekka Savola
2000-06-23 22:05:28 UTC
Created attachment 698 [details]
security patch for the latest bug (HTH)
We're aware of it and have already built an updated package. It'll be released as soon as the QA guys approve it, should be only a couple more minutes. The security patch included in the updated package fixes only the problems with the *printf-style % format specifications (the known exploit of the site exec bug). The patch submitted by pekkas is different, in that it deals with other potential buffer overrun problems related to the site exec command. Would it not be a good idea to include both patches? |