Fedora 10 Security Update: proftpd-1.3.2a-4.fc10

36
Article Source Fedora 10 Security Updates
September 2, 2009, 5:10 pm

Resolved Bugs
509251 – Canned /etc/proftpd.conf contains certain commands in “server config” instead of context
485130 – proftpd: SQL injection during login [Fedora 10]
485125 – CVE-2009-0542 proftpd: SQL injection during login

This update has a large number of changes from previous Fedora packages; the highlights are as follows:
– Update to upstream release 1.3.2a
– Fix SQL injection vulnerability at login (#485125, CVE-2009-0542)
– Fix SELinux compatibility (#498375)
– Fix audit logging (#506735)
– Fix default configuration (#509251)
– Many new loadable modules including mod_ctrls_admin and mod_wrap2
– National Language Support (RFC 2640)
– Enable/disable common features in /etc/sysconfig/proftpd…

Read More