Bug Fix Advisory vsftpd bug fix update

Advisory: RHBA-2010:0410-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2010-05-17
Last updated on: 2010-05-17
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)

Details

An updated vsftpd package that fixes two bugs is now available.

The vsftpd package includes a Very Secure FTP (File Transfer Protocol) daemon.

This updated vsftpd package includes fixes for the following bugs:

* when the "connect_from_port_20" directive in the vsftpd.conf configuration file
was set to "NO", and other directives were set to certain values, the vsftpd
daemon would disconnect clients immediately after establishing the connection.
With this update, setting "connect_from_port_20=NO" in vsftpd.conf no longer
results in such disconnects, and clients are again able to successfully
establish connections. (BZ#580055)

* when the "background" directive in the vsftpd.conf configuration file is set
to "YES", the vsftpd startup script forks, creating a child process (the vsftpd
daemon) which immediately sends the SIGUSR1 signal to its parent process, which
exits upon receiving it. When "background=NO" was specified in vsftpd.conf, the
startup script did not fork, but still sent the SIGUSR1 signal to its parent
process, which could have been any process that started the vsftpd process. A
parent process which did not explicitly handle SIGUSR1 would exit upon receiving
this signal. This update ensures that when "background=NO" is specified in
vsftpd.conf, the vsftpd process running in the foreground does not send the
SIGUSR1 signal to its parent process, and so can no longer cause that process
to exit. (BZ#580396)
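
The second fix, modelled as an added C example (not vsftpd or Red Hat code): `daemon_start`, `launcher_survives` and the `fixed` flag are hypothetical names, and the launcher process stands in for whatever started vsftpd. It shows that the readiness signal is harmless when the parent is the daemon's own fork, and that it terminates a launcher with the default SIGUSR1 disposition in the pre-fix foreground case.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Startup path of the modelled daemon (constructed for illustration); never returns. */
static void daemon_start(int background, int fixed)
{
    sigset_t ready; int sig;
    sigemptyset(&ready); sigaddset(&ready, SIGUSR1);
    if (background) {
        sigprocmask(SIG_BLOCK, &ready, NULL);  /* queue the signal so it is never missed */
        pid_t child = fork();
        if (child < 0) _exit(1);
        /* Original process: wait until the child reports it is up, then exit. */
        if (child > 0) { sigwait(&ready, &sig); _exit(0); }
        kill(getppid(), SIGUSR1);              /* parent is our own fork: safe */
        _exit(0);                              /* a real daemon would keep serving */
    }
    /* Foreground: getppid() is whoever launched us; only pre-fix code signals it. */
    if (!fixed) kill(getppid(), SIGUSR1);
    _exit(0);
}

/* 1 = launcher exited normally, 0 = killed by SIGUSR1, -1 = error. */
int launcher_survives(int background, int fixed)
{
    int status;
    pid_t launcher = fork();
    if (launcher < 0) return -1;
    if (launcher == 0) {                       /* stand-in for the starting process */
        signal(SIGUSR1, SIG_DFL);              /* default action: terminate */
        pid_t d = fork();
        if (d < 0) _exit(2);
        if (d == 0) daemon_start(background, fixed);
        waitpid(d, NULL, 0);                   /* a stray SIGUSR1 lands here */
        _exit(0);
    }
    if (waitpid(launcher, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGUSR1 ? 0 : -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : -1;
}

int main(void)
{
    printf("background=YES: %d, NO pre-fix: %d, NO fixed: %d\n",
           launcher_survives(1, 0), launcher_survives(0, 0), launcher_survives(0, 1));
    return 0;
}
```

A launcher that must tolerate unpatched builds can set SIGUSR1 to SIG_IGN or install a handler before starting the daemon in the foreground.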

All users of vsftpd are advised to upgrade to this updated package, which
resolves these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
vsftpd-2.0.5-16.el5_5.1.src.rpm
File outdated by:  RHBA-2013:0025
    MD5: e3c4265f9f12cff555b7ce4b1be7fe9f
SHA-256: a65e02d3366a7c528af7eb809acf93b98a47b68e47f15c56880b91823d294bee
 
IA-32:
vsftpd-2.0.5-16.el5_5.1.i386.rpm
File outdated by:  RHBA-2013:0025
    MD5: e2f4509853db52739f9e9d4b74b2faae
SHA-256: 1f739b6f8e7f40e43c8be0f06f6e97265eab3fc616ca729ec043476a6a348302
 
x86_64:
vsftpd-2.0.5-16.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2013:0025
    MD5: a8f702b85080d3dc055dd698c36af4ff
SHA-256: d28a52beece222ce714c00cb9fd2e809385bf2a8222e8363e2caf66e7977a6ac
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vsftpd-2.0.5-16.el5_5.1.src.rpm
File outdated by:  RHBA-2013:0025
    MD5: e3c4265f9f12cff555b7ce4b1be7fe9f
SHA-256: a65e02d3366a7c528af7eb809acf93b98a47b68e47f15c56880b91823d294bee
 
IA-32:
vsftpd-2.0.5-16.el5_5.1.i386.rpm
File outdated by:  RHBA-2013:0025
    MD5: e2f4509853db52739f9e9d4b74b2faae
SHA-256: 1f739b6f8e7f40e43c8be0f06f6e97265eab3fc616ca729ec043476a6a348302
 
IA-64:
vsftpd-2.0.5-16.el5_5.1.ia64.rpm
File outdated by:  RHBA-2013:0025
    MD5: 0df191ae3710ea61d21b0ff76e20113f
SHA-256: 59533e09a9980620d97ebf07f41e818326662e0af6c0fe8860358fee79571d5a
 
PPC:
vsftpd-2.0.5-16.el5_5.1.ppc.rpm
File outdated by:  RHBA-2013:0025
    MD5: 792b6385d1fe5c28e79d1245d56c7c19
SHA-256: 55f66a0d176033ac0b88ace19b921b846cc549389efb30fef99c64a2ddcacdd2
 
s390x:
vsftpd-2.0.5-16.el5_5.1.s390x.rpm
File outdated by:  RHBA-2013:0025
    MD5: 5e9ac17da102f7782a0472915b1e4582
SHA-256: 364b8b6b5e288301448af9754e66866a0765f42e6ebbde18d5309cd0825db8cd
 
x86_64:
vsftpd-2.0.5-16.el5_5.1.x86_64.rpm
File outdated by:  RHBA-2013:0025
    MD5: a8f702b85080d3dc055dd698c36af4ff
SHA-256: d28a52beece222ce714c00cb9fd2e809385bf2a8222e8363e2caf66e7977a6ac
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

580055 - [RHEL5] vsftpd prematurely closes connection just before processing of post-auth commands
580396 - vsftpd issues in RHEL5.4



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/