- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2011:1541 - lftp bug fix update
Synopsis
lftp bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
An updated lftp package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
Description
LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind.
This updated lftp package includes fixes for the following bugs:
-
The GnuTLS library does not support some previously offered TLS ciphers. As a consequence, some users experienced the error message, "Fatal error: gnutls_handshake: A TLS fatal alert has been received", when attempting to use SSL. With this update, it is now possible to force an SSLv3 connection instead of TLS using the "set ftp:ssl-auth SSL" configuration directive for servers without support for any of the TLS ciphers listed. This works both for implicit and explicit FTPS. (BZ#532099)
-
Prior to this update, the lftp client was not able to support "CLEAR COMMAND CHANNEL" (CCC) mode (RFC4217). Without CCC, Layer 7 aware firewalls cannot see the PASV port statements necessary to open the requisite data ports for transfers. This updated package fixes the described weakness and the lftp client supports CCC mode as intended. As a result data transfers through Layer 7 aware firewalls no longer fail in the scenario described. (BZ#570495)
-
Prior to this update, when the lftp client was started with the "-e" option and the mget command was used, the returned exit status code was zero, (success), when creating a connection to a URL had failed due to the specified URL being non-existent. This update applies a patch that improves the error handling in mget. As a result, the lftp client now returns exit status code '1', indicating a failure, when creating a connection fails in the scenario described. (BZ#727435)
All users of lftp are advised to upgrade to this updated package, which fixes these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
| Red Hat Enterprise Linux Desktop | 5 | x86_64 |
| Red Hat Enterprise Linux Desktop | 5 | i386 |
Updated Packages
- lftp-3.7.11-7.el5.s390x.rpm
- lftp-3.7.11-7.el5.i386.rpm
- lftp-3.7.11-7.el5.ia64.rpm
- lftp-3.7.11-7.el5.src.rpm
- lftp-3.7.11-7.el5.x86_64.rpm
- lftp-3.7.11-7.el5.ppc.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.