WU-FTPD 2.6.2 has been released.

The following security patches are available and should be applied.

* connect-dos.patch

   Fixes a possible denial of service attack on systems that allow only one
   non-connected socket bound to the same local address.

* realpath.patch

   Fixes an off-by-one error in the fb_realpath() function, as derived
   from the realpath function in BSD, may allow attackers to execute
   arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via
   commands that cause pathnames of length MAXPATHLEN+1 to trigger a
   buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE,
   (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.  SEE CVE CAN-2003-0466

* skeychallenge.patch

   Fixes a potential stack overflow in the handling of S/Key challenge
   logins.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.