DSA-1925-1 proftpd-dfsg -- insufficient input validationID: oval:org.secpod.oval:def:600364 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. For the stable distribution , this problem has been fixed in version 1.3.1-17lenny4. For the oldstable distribution , this problem has been fixed in version 1.3.0-19etch3. Binaries for the amd64 architecture will be released once they are available. For the testing distribution and the unstable distribution , this problem has been fixed in version 1.3.2a-2. We recommend that you upgrade your proftpd-dfsg packages.
Platform: |
Debian 5.0 |
Debian 4.0 |