[debian-users:22965] [SECURITY] New Debian wu-ftpd packages released (from debian-security-announce@lists.debian.org)

[Hiroshi KISE <fuyuneko@xxxxxxxxxxxx>]

ちゃんと訳しませんが、slink、potato、woody版のwu-ftpd-academまたは
wu-ftpdパッケージに、リモートからroot権限を取れるセキュリティホールが
みつかっています。また、修正パッケージが出ています。

アナウンスメイルのPGP署名つき完全版は、
http://www.jp.debian.org/Lists-Archives/debian-security-announce-00/msg00011.html
でみることができます。

At Fri, 23 Jun 2000 00:17:07 -0700,
Daniel Jacobowitz wrote:
> -----------------------------------------------------------------------------
> Debian Security Advisory                                 security@debian.org
> http://www.debian.org/security/                            Daniel Jacobowitz
> June 22, 2000
> -----------------------------------------------------------------------------

> Package: wu-ftpd (wu-ftpd-academ)
> Vulnerability: remote root exploit
> Debian-specific: no

> The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink),
> as well as in the frozen (potato) and unstable (woody) distributions, is
> vulnerable to a remote root compromise.  The default configuration in all
> current Debian packages prevents the currently available exploits in the
> case of anonymous access, although local users could still possibly
> compromise the server.
> 
> This has been fixed in versions 2.4.2.16-13.1 (for slink) and 2.6.0-5.1 (for
> potato and woody), and we recommend that you update your wu-ftpd-academ (for
> slink) or wu-ftpd (for potato and woody) package immediately.

(以下省略)
-- 
喜瀬“冬猫”浩＠南国沖縄