vsftpd is a secure and fast FTP server for UNIX-like systems that is used on many large and critical Internet sites. Its rich feature set includes SSL encryption, IPv6, bandwidth throttling, PAM integration, virtual users, virtual IPs and per-user / per-IP configuration.
@markhobley: The issue described is not a "security flaw", despite various misinformation on the internet about the issue.
Hi Chris. I know that...
Release Notes: This release corrects a DoS vulnerability where an attacker permitted to log in to an FTP server would be able to cause the vsftpd child processes spawned for their sessions to consume excessive amounts of CPU time (CVE-2011-0762). If the attack is carried out on a sufficient number of FTP sessions (possibly from multiple source IP addresses to exceed a possible per-source limit), the FTP service would become unavailable and other services of the system would be greatly impacted. Some other bugs with no apparent security impact have been fixed at the same time.
Release Notes: The version number was fixed. Version 2.3.1 incorrectly reported itself as version 2.3.0.
Release Notes: A silly regression introduced in 2.3.0 was fixed - the log files are no longer overwritten from the start when vsftpd is restarted.
Release Notes: A couple of regressions were fixed: port_promiscuous now works again and SSL data transfers with ASCII transforms should work reliably again. It is now possible to overwrite files partially with REST + STOR. A minimal, experimental HTTP mode was added.
Release Notes: Most notably, a regression was fixed in the built-in listener. Under heavy load, new FTP sessions could sometimes get disconnected right away. This is now fixed. If you saw "OOPS: child died" just after connecting, it was likely this bug.