openSUSE Security Update : proftpd (openSUSE-SU-2013:1563-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

proftpd was updated to 1.3.4d.

- Fixed broken build when using --disable-ipv6 configure

- Fixed mod_sql 'SQLAuthType Backend' MySQL issues

- fix for bnc#843444 (CVE-2013-4359)


- add proftpd-sftp-kbdint-max-responses-bug3973.patch

- Improve systemd service file

- use upstream tmpfiles.d file. related to [bnc#811793]

- Use /run instead of /var/run

- update to 1.3.4c

- Added Spanish translation.

- Fixed several mod_sftp issues, including
SFTPPassPhraseProvider, handling of symlinks for
REALPATH requests, and response code logging.

- Fixed symlink race for creating directories when
UserOwner is in effect.

- Increased performance of FTP directory listings.

- rebase and rename patches (remove version string)

- proftpd-1.3.4a-dist.patch -> proftpd-dist.patch

- proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch

- proftpd-1.3.4a-strip.patch -> proftpd-strip.patch

- fix proftpd.conf (rebase basic.conf patch)

- IdentLookups is now a separate module; <IfModule
mod_ident.c> IdentLookups on/off </IfModule> is needed,
and the module is not built because crrodriguez disabled it.

- fix for bnc#787884

- added extra Source proftpd.conf.tmpfile

- Disable ident lookups, this protocol is totally obsolete
and dangerous. (add --disable-ident)

- Fix debug info generation (add --disable-strip)

- Add systemd unit

- update to 1.3.4b

+ Fixed mod_ldap segfault on login when LDAPUsers with no
filters used.

+ Fixed sporadic SFTP upload issues for large files.

+ Fixed SSH2 handling for some clients (e.g. OpenVMS).

+ New FactsOptions directive; see

+ Fixed build errors on Tru64, AIX, Cygwin.

- add Source Signature (.asc) file

- add noBuildDate patch

- add lang pkg

- --enable-nls

- add configure option

- --enable-openssl, --with-lastlog

See also :

Solution :

Update the affected proftpd packages.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75173

Bugtraq ID: 62328

CVE ID: CVE-2013-4359
