Ubuntu: New vsftpd packages fix security vulnerabilities

It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vsftpd to consume all resources, leading to a denial of service. Updated packages are available from security.ubuntu.com.

===========================================================
Ubuntu Security Notice USN-1098-1 March 29, 2011
vsftpd vulnerability
CVE-2011-0762
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
vsftpd 2.0.4-0ubuntu4.1

Ubuntu 8.04 LTS:
vsftpd 2.0.6-1ubuntu1.2

Ubuntu 9.10:
vsftpd 2.2.0-1ubuntu2.1

Ubuntu 10.04 LTS:
vsftpd 2.2.2-3ubuntu6.1

Ubuntu 10.10:
vsftpd 2.3.0~pre2-4ubuntu2.2

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that vsftpd incorrectly handled certain glob expressions.
A remote authenticated user could use a crafted glob expression to cause
vsftpd to consume all resources, leading to a denial of service.

