- Issued:
- 2013-01-07
- Updated:
- 2013-01-07
RHBA-2013:0025 - Bug Fix Advisory
Synopsis
vsftpd bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated vsftpd packages that fix multiple bugs are now available for Red Hat
Enterprise Linux 5.
Description
The vsftpd packages provide the VSFTP (Very Secure File Transfer Protocol)
daemon.
This update fixes the following bugs:
- Prior to this update, the "local_max_rate" option did not work as expected. As
a consequence, the transmission speed was significantly lower. This update
extends the types of variables for calculating and accumulating the amount of
transferred data and postpones the start of evaluation after the tenth.
(BZ#795393)
- Prior to this update, the "ls" command failed to handle the wildcard character
"?" correctly. This update modifies the "ls" code so that the "ls" command can
now uses the wildcard character "?" as expected. (BZ#799245)
- Prior to this update, the file transfer on a TLS connection failed after
transferring the first files when the "ssl_request_cert" option used the default
setting "YES". This update modifies the underlying code so that the file
transfer completes as expected. (BZ#804078)
- Prior to this update, the vsftpd daemon did not correctly handle "EADDRINUSE"
errors received from a TCP port on which vsftpd was listening. As a consequence,
vsftpd immediately sent an error message to an FTP client instead of retrying to
use the port. This update modifies the error handling of vsftpd so that the
daemon now retries the port before sending the error message to the FTP client.
(BZ#809450)
- Prior to this update, the vsftpd daemon failed with the message "500 OOPS:
vsf_sysutil_bind" when the ports from the range configured for passive mode were
occupied. This could occur when repeating the "ls" command on the empty
sub-directory in the FTP client. The updated daemon is able to reuse ports from
the approved range that are in the state TIME_WAIT and the described failure is
no more observed. (BZ#845051)
All users of vsftpd are advised to upgrade to these updated packages, which fix
these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant
to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 845051 - 500 OOPS: vsf_sysutil_bind while passive port occupied
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
vsftpd-2.0.5-28.el5.src.rpm | SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0 |
x86_64 | |
vsftpd-2.0.5-28.el5.x86_64.rpm | SHA-256: d298f101c36482e67a2365923b21a27a5e4a0a1bc432388959bc52bfcfc05136 |
vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm | SHA-256: b04a7e3291866986d76b569155d5139dc53d1e8aaa402ed2bc1118f0cfda869f |
ia64 | |
vsftpd-2.0.5-28.el5.ia64.rpm | SHA-256: 3bcaf0ac0ae01e1450a3b74b35e74becf539bf9ec6463b0b1a6ec506aa99836f |
vsftpd-debuginfo-2.0.5-28.el5.ia64.rpm | SHA-256: d96d5deb77cd88544ba4fc74a924d1aa12205320b18312739721fe3f01b7f823 |
i386 | |
vsftpd-2.0.5-28.el5.i386.rpm | SHA-256: bc8ca497ee834de43332b2f7aed0cc561dd96ac03194ec6a8f7003455159f9e9 |
vsftpd-debuginfo-2.0.5-28.el5.i386.rpm | SHA-256: 88bd639f3a32e15d45508eb5b2ddce84c32b43f265129952b0c9ac372cb63484 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
vsftpd-2.0.5-28.el5.src.rpm | SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0 |
x86_64 | |
vsftpd-2.0.5-28.el5.x86_64.rpm | SHA-256: d298f101c36482e67a2365923b21a27a5e4a0a1bc432388959bc52bfcfc05136 |
vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm | SHA-256: b04a7e3291866986d76b569155d5139dc53d1e8aaa402ed2bc1118f0cfda869f |
i386 | |
vsftpd-2.0.5-28.el5.i386.rpm | SHA-256: bc8ca497ee834de43332b2f7aed0cc561dd96ac03194ec6a8f7003455159f9e9 |
vsftpd-debuginfo-2.0.5-28.el5.i386.rpm | SHA-256: 88bd639f3a32e15d45508eb5b2ddce84c32b43f265129952b0c9ac372cb63484 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
vsftpd-2.0.5-28.el5.src.rpm | SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0 |
s390x | |
vsftpd-2.0.5-28.el5.s390x.rpm | SHA-256: 4f5022fef47a2a9e3fb654789f7f87466579939b105d6b4180542434eb707c53 |
vsftpd-debuginfo-2.0.5-28.el5.s390x.rpm | SHA-256: 1d597e9b3b41b3c9a8acf1dbf810a75d4fe48f72dbf525ef704fb9b7e3417be1 |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
vsftpd-2.0.5-28.el5.src.rpm | SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0 |
ppc | |
vsftpd-2.0.5-28.el5.ppc.rpm | SHA-256: caa6a0811600deabb0a4200de01894581d1d2183cb796ae111fc024e82ce7ddd |
vsftpd-debuginfo-2.0.5-28.el5.ppc.rpm | SHA-256: 0f6c29f8c18c57cb41c55ecbd6a51f4ab7f8acc9dabecb182f4376835487e255 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
vsftpd-2.0.5-28.el5.src.rpm | SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0 |
x86_64 | |
vsftpd-2.0.5-28.el5.x86_64.rpm | SHA-256: d298f101c36482e67a2365923b21a27a5e4a0a1bc432388959bc52bfcfc05136 |
vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm | SHA-256: b04a7e3291866986d76b569155d5139dc53d1e8aaa402ed2bc1118f0cfda869f |
i386 | |
vsftpd-2.0.5-28.el5.i386.rpm | SHA-256: bc8ca497ee834de43332b2f7aed0cc561dd96ac03194ec6a8f7003455159f9e9 |
vsftpd-debuginfo-2.0.5-28.el5.i386.rpm | SHA-256: 88bd639f3a32e15d45508eb5b2ddce84c32b43f265129952b0c9ac372cb63484 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.