Red Hat Bugzilla – Bug 27811
anon ftp libraries not updated
Last modified: 2007-04-18 12:31:29 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)
Upgrading glibc and other libraries does not upgrade the libraries for the
anonymous ftp account. This may impact security due to anon ftp reliance
on these libraries.
Steps to Reproduce:
1. ls -l `locate ld-2.1.3.so`
2. notice that /home/ftp/lib/ld-2.1.3.so is older.
Actual Results: -rwxr-xr-x 1 root root 77216 Feb 4
-rwxr-xr-x 1 root root 76960 Jul 25 2000 /usr/i386-glibc21-
Those libraries are part of the anonftp package.
anonftp-4.0 takes care of this once and for all - it doesn't own any files
anymore, but just copies the current ones from rpm triggers.