
Bug Fix Advisory: vsftpd bug fix update

Advisory: RHBA-2013:0025-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-01-07
Last updated on: 2013-01-07
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)

Details

Updated vsftpd packages that fix multiple bugs are now available for Red Hat
Enterprise Linux 5.

The vsftpd packages provide the VSFTP (Very Secure File Transfer Protocol)
daemon.

This update fixes the following bugs:

* Prior to this update, the "local_max_rate" option did not work as expected. As
a consequence, the transmission speed was significantly lower. This update
extends the types of variables for calculating and accumulating the amount of
transferred data and postpones the start of evaluation after the tenth.
(BZ#795393)

* Prior to this update, the "ls" command failed to handle the wildcard character
"?" correctly. This update modifies the "ls" code so that the "ls" command can
now use the wildcard character "?" as expected. (BZ#799245)

* Prior to this update, the file transfer on a TLS connection failed after
transferring the first files when the "ssl_request_cert" option used the default
setting "YES". This update modifies the underlying code so that the file
transfer completes as expected. (BZ#804078)

* Prior to this update, the vsftpd daemon did not correctly handle "EADDRINUSE"
errors received from a TCP port on which vsftpd was listening. As a consequence,
vsftpd immediately sent an error message to an FTP client instead of retrying to
use the port. This update modifies the error handling of vsftpd so that the
daemon now retries the port before sending the error message to the FTP client.
(BZ#809450)

* Prior to this update, the vsftpd daemon failed with the message "500 OOPS:
vsf_sysutil_bind" when the ports from the range configured for passive mode were
occupied. This could occur when repeating the "ls" command on the empty
sub-directory in the FTP client. The updated daemon is able to reuse ports from
the approved range that are in the TIME_WAIT state, and the described failure is
no longer observed. (BZ#845051)
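
The behaviour described in the last two items (BZ#809450 and BZ#845051), as an added example that is not vsftpd's own code and is not taken from the advisory: a passive-mode listener that sets SO_REUSEADDR so that a port held only by TIME_WAIT connections can be bound, and that treats EADDRINUSE as a reason to try another port in the range rather than fail at once. The function names, the loopback address, the sequential scan and the port numbers are assumptions of this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Try one port. Returns a listening fd, -1 if bind() or listen() reported
 * EADDRINUSE (port busy), or -2 for any other error. */
static int try_port(unsigned short port)
{
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port),
        .sin_addr = { .s_addr = htonl(INADDR_LOOPBACK) } }; /* assumption: loopback */
    int one = 1, busy, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -2;
    /* Allows bind() when the port is held only by connections in TIME_WAIT. */
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0 && listen(fd, 1) == 0)
        return fd;
    busy = (errno == EADDRINUSE);   /* save before close() can change errno */
    close(fd);
    return busy ? -1 : -2;
}

/* Walk [min_port, max_port] once, beginning at start and wrapping around.
 * Returns a listening fd and stores its port in *out_port, or -1 if none is usable. */
int pasv_listen(unsigned short min_port, unsigned short max_port,
                unsigned short start, unsigned short *out_port)
{
    if (max_port < min_port || start < min_port || start > max_port)
        return -1;
    unsigned int span = (unsigned int)max_port - min_port + 1u;
    for (unsigned int i = 0; i < span; i++) {
        unsigned short port = (unsigned short)(min_port + (start - min_port + i) % span);
        int fd = try_port(port);
        if (fd >= 0) { *out_port = port; return fd; }
        if (fd == -2) return -1;    /* not a busy port: the next one will not help */
    }
    return -1;                      /* every port in the range is in use */
}

int main(void)
{
    unsigned short port = 0;
    int fd = pasv_listen(47611, 47618, 47611, &port); /* constructed sample range */
    if (fd >= 0) { printf("listening on port %u\n", port); close(fd); }
    return fd < 0;
}
```

SO_REUSEADDR does not let two listeners share a port: a port with an active listening socket still returns EADDRINUSE, which is why the loop moves on instead of retrying blindly.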

All users of vsftpd are advised to upgrade to these updated packages, which fix
these bugs.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
vsftpd-2.0.5-28.el5.src.rpm     MD5: 960a17982c76bbf48491cdbaac10c04f
SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0
 
IA-32:
vsftpd-2.0.5-28.el5.i386.rpm     MD5: 27d0a10edfa9f095a688ad5b83dd3fa0
SHA-256: bc8ca497ee834de43332b2f7aed0cc561dd96ac03194ec6a8f7003455159f9e9
vsftpd-debuginfo-2.0.5-28.el5.i386.rpm     MD5: 856d3ed7350714052ce75fe661833548
SHA-256: 88bd639f3a32e15d45508eb5b2ddce84c32b43f265129952b0c9ac372cb63484
 
x86_64:
vsftpd-2.0.5-28.el5.x86_64.rpm     MD5: 674790af417e37e7e80254ce81e0073a
SHA-256: d298f101c36482e67a2365923b21a27a5e4a0a1bc432388959bc52bfcfc05136
vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm     MD5: 959b4558d1e6f7cd2292712a18132f1a
SHA-256: b04a7e3291866986d76b569155d5139dc53d1e8aaa402ed2bc1118f0cfda869f
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vsftpd-2.0.5-28.el5.src.rpm     MD5: 960a17982c76bbf48491cdbaac10c04f
SHA-256: 7ba0975f7887a71bb19eee17a5112e4dcd7b189f94e198866bced76a080cb5d0
 
IA-32:
vsftpd-2.0.5-28.el5.i386.rpm     MD5: 27d0a10edfa9f095a688ad5b83dd3fa0
SHA-256: bc8ca497ee834de43332b2f7aed0cc561dd96ac03194ec6a8f7003455159f9e9
vsftpd-debuginfo-2.0.5-28.el5.i386.rpm     MD5: 856d3ed7350714052ce75fe661833548
SHA-256: 88bd639f3a32e15d45508eb5b2ddce84c32b43f265129952b0c9ac372cb63484
 
IA-64:
vsftpd-2.0.5-28.el5.ia64.rpm     MD5: 1a5c0d3dbaff11f8287c84984e219119
SHA-256: 3bcaf0ac0ae01e1450a3b74b35e74becf539bf9ec6463b0b1a6ec506aa99836f
vsftpd-debuginfo-2.0.5-28.el5.ia64.rpm     MD5: c0675bfd2ad570f1b1bc51ef9d02d7bd
SHA-256: d96d5deb77cd88544ba4fc74a924d1aa12205320b18312739721fe3f01b7f823
 
PPC:
vsftpd-2.0.5-28.el5.ppc.rpm     MD5: e933fd2bacb2fb131b6f5f93864513e6
SHA-256: caa6a0811600deabb0a4200de01894581d1d2183cb796ae111fc024e82ce7ddd
vsftpd-debuginfo-2.0.5-28.el5.ppc.rpm     MD5: 9e6039ff9ea088e8f5c3407a91189dd5
SHA-256: 0f6c29f8c18c57cb41c55ecbd6a51f4ab7f8acc9dabecb182f4376835487e255
 
s390x:
vsftpd-2.0.5-28.el5.s390x.rpm     MD5: fa011fefba610b430242d10a79045eae
SHA-256: 4f5022fef47a2a9e3fb654789f7f87466579939b105d6b4180542434eb707c53
vsftpd-debuginfo-2.0.5-28.el5.s390x.rpm     MD5: 0c8be3a32428ce4c852febfed01f08b6
SHA-256: 1d597e9b3b41b3c9a8acf1dbf810a75d4fe48f72dbf525ef704fb9b7e3417be1
 
x86_64:
vsftpd-2.0.5-28.el5.x86_64.rpm     MD5: 674790af417e37e7e80254ce81e0073a
SHA-256: d298f101c36482e67a2365923b21a27a5e4a0a1bc432388959bc52bfcfc05136
vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm     MD5: 959b4558d1e6f7cd2292712a18132f1a
SHA-256: b04a7e3291866986d76b569155d5139dc53d1e8aaa402ed2bc1118f0cfda869f
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

845051 - 500 OOPS: vsf_sysutil_bind while passive port occupied



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/