ELA-757-1 proftpd-dfsg security update

memory disclosure

2022-12-25
Packageproftpd-dfsg
Version1.3.5e+r1.3.5-2+deb8u8 (jessie), 1.3.5e+r1.3.5b-4+deb9u3 (stretch)
Related CVEs CVE-2021-46854


It was discovered that mod_radius in ProFTPD, a versatile, virtual-hosting FTP daemon, allows memory disclosure to RADIUS servers.



For Debian 8 jessie, these problems have been fixed in version 1.3.5e+r1.3.5-2+deb8u8.

For Debian 9 stretch, these problems have been fixed in version 1.3.5e+r1.3.5b-4+deb9u3.

We recommend that you upgrade your proftpd-dfsg packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.