Bug Fix Advisory vsftpd bug fix and enhancement update

Advisory: RHBA-2012:0187-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-02-20
Last updated on: 2012-02-20
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)

Details

An updated vsftpd package that fixes three bugs and adds three enhancements is
now available for Red Hat Enterprise Linux 5.

The vsftpd package includes a Very Secure FTP (File Transfer Protocol) daemon.

This update fixes the following bugs:

* The "delay_failed_login" and "max_login_fails" options, which can be set in
the vsftpd.conf file, did not work correctly. Consequently, the user had an
unlimited number of login attempts if the "userlist_enable=YES" and
"userlist_deny=NO" rules were specified in the vsftpd.conf file. The vsftpd
daemon now properly uses a delay between two unsuccessful login attempts and
also refuses any connection after a specified number of unsuccessful login
attempts. (BZ#513828)

* The vsftpd daemon did not handle file transfer failures correctly if the
ftp-data port was blocked on the FTP client. As a consequence, vsftpd became
unresponsive under these circumstances. The updated vsftpd daemon now reports
such failures to the FTP client and the data transfer is terminated as expected.
(BZ#717409)

* An attempt to list files could lead to a data type overflow error if a
directory contained files whose owner UID or GID was higher than the
maximum value of the "signed int" data type (that is 2147483647). Subsequently,
the FTP connection was terminated. With this update, vsftpd has been modified to
support UIDs and GIDs up to the maximum value of the "unsigned int" data type
(that is 4294967294). Directory content is now listed as expected in the
scenario described. (BZ#759364)
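
For the first fix above (BZ#513828), an added example that is not part of the Red Hat advisory or the vsftpd package: a shell function that reads a vsftpd.conf and reports whether it runs the user list as an allow list (vsftpd's option name is `userlist_enable`, with `userlist_deny=NO`), together with the effective `delay_failed_login` and `max_login_fails` values. The function names, the constructed sample file and the fallback values (taken to be the vsftpd defaults) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the userlist allow-list mode (BZ#513828).

# conf_get FILE KEY DEFAULT: print the last uncommented KEY=value, else DEFAULT.
# vsftpd.conf allows no spaces around "=", so an anchored match is enough.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# Boolean spellings handled here: YES/NO, plus TRUE/FALSE and 1/0 (assumed).
is_on()  { case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;; esac; return 1; }
is_off() { case "$1" in [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|0) return 0 ;; esac; return 1; }

# audit_vsftpd_conf FILE: print the effective settings on one line.
# Returns 1 for allow-list mode (the case in BZ#513828), 0 otherwise,
# 2 if the file cannot be read. Fallbacks are assumed vsftpd defaults.
audit_vsftpd_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    enable=$(conf_get "$conf" userlist_enable NO)
    deny=$(conf_get "$conf" userlist_deny YES)
    delay=$(conf_get "$conf" delay_failed_login 1)
    fails=$(conf_get "$conf" max_login_fails 3)
    echo "userlist_enable=$enable userlist_deny=$deny delay_failed_login=$delay max_login_fails=$fails"
    if is_on "$enable" && is_off "$deny"; then
        return 1
    fi
    return 0
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example
userlist_enable=YES
userlist_deny=NO
max_login_fails=5
EOF
if audit_vsftpd_conf "$sample"; then
    echo "user list is off or used as a deny list"
else
    echo "allow-list mode: confirm vsftpd-2.0.5-24.el5 or later is installed"
fi
rm -f "$sample"
```

A return status of 1 means the host relies on the configuration named in the advisory, so the login limits only take effect once `rpm -q vsftpd` reports 2.0.5-24.el5 or later.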

In addition, this update adds the following enhancements:

* The vsftpd server previously did not support the UTF-8 feature. This update
implements the UTF-8 feature for the vsftpd server in accordance with the
Internationalization of the File Transfer Protocol (RFC 2640) standard.
(BZ#638873)

* The "ls" command previously did not support square brackets as wildcard
characters in FTP connections. This update improves wildcard characters support
in vsftpd and square brackets can now be used in regular expressions with the
"ls" command accordingly. (BZ#641239)

* With this update, vsftpd introduces the new "ssl_request_cert" option, which
enables vsftpd to request certificates on incoming SSL connections. (BZ#644083)

All users of vsftpd are advised to upgrade to this updated package, which fixes
these bugs and adds these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
vsftpd-2.0.5-24.el5.src.rpm
File outdated by:  RHBA-2013:0025
    MD5: 8bf04fdf8496361221599527ef4b5b63
SHA-256: 4e502e4058fd021fa6c620290b41f2aacd81ff8e90e32ab864a47ad4c4d20998
 
IA-32:
vsftpd-2.0.5-24.el5.i386.rpm
File outdated by:  RHBA-2013:0025
    MD5: c0ef493fbec3196bb5a07a93bdbde6b6
SHA-256: ad4a470d899590099a9776658d3b31e118e58ea34997a476d90c835d00210fbc
 
x86_64:
vsftpd-2.0.5-24.el5.x86_64.rpm
File outdated by:  RHBA-2013:0025
    MD5: f9f5997283135f0329966b7c38c914bc
SHA-256: 2244575109610c16d4be16aa1285ed44d49beb583ecf003dcf8a26c3b3a3ffd6
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vsftpd-2.0.5-24.el5.src.rpm
File outdated by:  RHBA-2013:0025
    MD5: 8bf04fdf8496361221599527ef4b5b63
SHA-256: 4e502e4058fd021fa6c620290b41f2aacd81ff8e90e32ab864a47ad4c4d20998
 
IA-32:
vsftpd-2.0.5-24.el5.i386.rpm
File outdated by:  RHBA-2013:0025
    MD5: c0ef493fbec3196bb5a07a93bdbde6b6
SHA-256: ad4a470d899590099a9776658d3b31e118e58ea34997a476d90c835d00210fbc
 
IA-64:
vsftpd-2.0.5-24.el5.ia64.rpm
File outdated by:  RHBA-2013:0025
    MD5: b04cebad9015de3d2df8337cfc528c2e
SHA-256: 8f7402fe660b0105e2ab27533d0e55202207dbe3e4dd0312984816b1b16bf803
 
PPC:
vsftpd-2.0.5-24.el5.ppc.rpm
File outdated by:  RHBA-2013:0025
    MD5: 41ea86d08e58877fefac336bdb597941
SHA-256: c64d1d7e801d20e984563400eda4dff85758590d8c2b59f58cfacb4cd2a52ab5
 
s390x:
vsftpd-2.0.5-24.el5.s390x.rpm
File outdated by:  RHBA-2013:0025
    MD5: 4912f976d30194c9ae9d0f5244b867ff
SHA-256: 984302896c014519b7dfec29f0f13dee3491669535e69c6ba1782633f0b3f79e
 
x86_64:
vsftpd-2.0.5-24.el5.x86_64.rpm
File outdated by:  RHBA-2013:0025
    MD5: f9f5997283135f0329966b7c38c914bc
SHA-256: 2244575109610c16d4be16aa1285ed44d49beb583ecf003dcf8a26c3b3a3ffd6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

641239 - [RFE] vsftpd can not handle square brackets in ls



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/