Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: [slackware-security] lftp security update (SSA:2003-346-01)

[slackware-security] lftp security update (SSA:2003-346-01)

From: Slackware Security Team <security_at_slackware.com>
Date: Fri, 12 Dec 2003 12:39:56 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] lftp security update (SSA:2003-346-01)

lftp is a file transfer program that connects to other hosts
using FTP, HTTP, and other protocols.

A security problem with lftp has been corrected with the release
of lftp-2.6.10. New packages are available for Slackware 8.1,
9.0, 9.1, and -current. Any sites using lftp should upgrade to
the new packages.

Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Fri Dec 12 11:12:05 PST 2003
patches/packages/lftp-2.6.10-i486-1.tgz: Upgraded to lftp-2.6.10.
  According to the NEWS file, this includes "security fixes in html
  parsing code" which could cause a compromise when using lftp to
  access an untrusted site.
  (* Security fix *)
+--------------------------+

WHERE TO FIND THE NEW PACKAGE:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/lftp-2.6.10-i386-1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/lftp-2.6.10-i386-1.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/lftp-2.6.10-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/lftp-2.6.10-i486-1.tgz

MD5 SIGNATURES:
+-------------+

Slackware 8.1 package:
1e7eae2a8279491d439f4494c8733aa2 lftp-2.6.10-i386-1.tgz

Slackware 9.0 package:
af80878951917a6683bc3076947f2632 lftp-2.6.10-i386-1.tgz

Slackware 9.1 package:
e053a1641f1f16de8d2659e70ca81c04 lftp-2.6.10-i486-1.tgz

Slackware -current package:
07e76203820f54983cbc4591cc830b97 lftp-2.6.10-i486-1.tgz

INSTALLATION INSTRUCTIONS:
+------------------------+

Upgrade the package as root:
# upgradepkg lftp-2.6.10-i486-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security_at_slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo_at_slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/2hdTakRjwEAQIjMRAmHbAKCQtw9UN4ItGNph3ca4CqtfJDZiyACfV5gc
0uX5KSFnwEb2k0tucmkKWzI=
=SQlB
-----END PGP SIGNATURE-----
Received on Dec 12 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]