- Issued:
- 2009-09-02
- Updated:
- 2009-09-02
RHBA-2009:1282 - Bug Fix Advisory
Synopsis
vsftpd bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
A vsftpd update that increases the maximum username length and fixes
several bugs is now available.
Description
The vsftpd package deploys the Very Secure File Transfer Protocol daemon.
This daemon enables secure and fast FTP service on Unix-like systems,
providing SSL encryption, IPv6, bandwidth throttling, PAM integration,
virtual users, virtual IPs and per-user/per-IP configuration.
This update applies the following bug fixes:
- in Red Hat Enterprise Linux 5, the default value for the 'background'
option was changed to 'NO'. This revealed a race condition in the way
vsftpd processed signals whenever child processes were forked. As a result
of this race condition, attempts to run vsftpd could fail without returning
an error code if another FTP service was also running. In this situation, a
user would not be notified that vsftpd failed to run. This update
implements extra routines for signal handling that fixes the race
condition, ensuring that vsftpd returns a proper error code whenever it
fails to start. (BZ#236707)
- the init script for this update is now POSIX-compliant. This corrects a
bug that could cause vsftpd to incorrectly return a zero exit code when it
failed to start. (BZ#431451)
- a bug in the dependencies between vsftpd parent and child processes
allowed those child processes to run even though their parent process was
already terminated. As such, terminating the vsftpd service did not
reliably stop all FTP connections initiated by vsftpd, which could pose a
security risk. This update fixes the child-parent process dependency bug by
adding several functions that terminate all vsftpd child processes whenever
their parent process is stopped. (BZ#441485)
- a bug caused the vsftpd daemon to not properly shut down SSL (Secure
Socket Layer) data connections, which led to interoperability problems
between the vsftpd daemon and client programs such as FileZilla. This has
been fixed in this update so that vsftpd no longer causes problems with
client applications. (BZ#459607)
- in previous versions of vsftpd, /etc/vsftpd/vsftpd.conf specified
/var/log/vsftpd.log as its default log file. However, this was different
from the specified default log file (i.e. /var/log/xferlog) in
/etc/logrotate.d/vsftpd.log. This prevented the logrotate script from
finding -- and consequently, rotating -- the vsftpd log file, resulting in
an unnecessarily large vsftpd log. This update corrects this issue by
specifying /var/log/xferlog as its default log file in
/etc/vsftpd/vsftpd.conf, which enables log rotation on vsftpd log files.
(BZ#460067)
- this update also fixes several typographical errors in the documentation
of some parameters in the vsftpd man page. (BZ#478526)
- vsftpd cannot locate usernames specified by the chown_username parameter
if the username is trailed by whitespace. This update contains a workaround
that trims trailing whitespaces from username values of chown_username.
(BZ#486259)
- the maximum username length is now 128 characters. In previous versions,
the maximum username was only 32 characters. (BZ#486524)
- the DNS reverse lookup feature was implemented without any way to disable
it. This update contains the parameter 'reverse_lookup_enable', which
allows users to enable or disable the DNS reverse lookup functionality.
(BZ#498548)
Users of vsftpd are advised to upgrade to this update.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 236707 - vsftpd would crash without any error messages on bind fail
- BZ - 431451 - Wrong init script
- BZ - 441485 - "service vsftpd stop" not stopping all vsftpd processes
- BZ - 459607 - SSL connections are not correctly shutdown
- BZ - 478526 - man page error about some config options
- BZ - 486259 - white space after chown_username value causes failure
- BZ - 486524 - maximum username length is too short for vsftpd user in RHEL5
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
vsftpd-2.0.5-16.el5.src.rpm | SHA-256: be93adb20fb33d85d8f6d3071df8ca6b770eeaf0e9980fd39e1da0a4cbfd1d95 |
x86_64 | |
vsftpd-2.0.5-16.el5.x86_64.rpm | SHA-256: ec4671c4b5445f0250d71aaea8812546b8425968a452741171fb6c337634f3e1 |
ia64 | |
vsftpd-2.0.5-16.el5.ia64.rpm | SHA-256: 07dd70b949b34b5073064c6dc3e0bc7506e9c2fc5dc277c1c06745f109b086c9 |
i386 | |
vsftpd-2.0.5-16.el5.i386.rpm | SHA-256: df7bb949ada92436d423100e194d71abc3983b478b83cc692a043524851efc09 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
vsftpd-2.0.5-16.el5.src.rpm | SHA-256: be93adb20fb33d85d8f6d3071df8ca6b770eeaf0e9980fd39e1da0a4cbfd1d95 |
x86_64 | |
vsftpd-2.0.5-16.el5.x86_64.rpm | SHA-256: ec4671c4b5445f0250d71aaea8812546b8425968a452741171fb6c337634f3e1 |
i386 | |
vsftpd-2.0.5-16.el5.i386.rpm | SHA-256: df7bb949ada92436d423100e194d71abc3983b478b83cc692a043524851efc09 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
vsftpd-2.0.5-16.el5.src.rpm | SHA-256: be93adb20fb33d85d8f6d3071df8ca6b770eeaf0e9980fd39e1da0a4cbfd1d95 |
s390x | |
vsftpd-2.0.5-16.el5.s390x.rpm | SHA-256: f162c029c29f121efbacff1f9518c3c666e70b1a532e18fc881160cf313debd4 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
vsftpd-2.0.5-16.el5.src.rpm | SHA-256: be93adb20fb33d85d8f6d3071df8ca6b770eeaf0e9980fd39e1da0a4cbfd1d95 |
ppc | |
vsftpd-2.0.5-16.el5.ppc.rpm | SHA-256: 6ab96e5beebc8e03dd74d5ba65ef8cebe07c6cee07c7351b455911d03adbff02 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
vsftpd-2.0.5-16.el5.src.rpm | SHA-256: be93adb20fb33d85d8f6d3071df8ca6b770eeaf0e9980fd39e1da0a4cbfd1d95 |
x86_64 | |
vsftpd-2.0.5-16.el5.x86_64.rpm | SHA-256: ec4671c4b5445f0250d71aaea8812546b8425968a452741171fb6c337634f3e1 |
i386 | |
vsftpd-2.0.5-16.el5.i386.rpm | SHA-256: df7bb949ada92436d423100e194d71abc3983b478b83cc692a043524851efc09 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.