- Issued:
- 2012-02-20
- Updated:
- 2012-02-20
RHBA-2012:0187 - vsftpd bug fix and enhancement update
Synopsis
vsftpd bug fix and enhancement update
Type/Severity
Bug Fix Advisory
Topic
An updated vsftpd package that fixes three bugs and adds three enhancements is now available for Red Hat Enterprise Linux 5.
Description
The vsftpd package includes a Very Secure FTP (File Transfer Protocol) daemon.
This update fixes the following bugs:
-
The "delay_failed_login" and "max_login_fails" options, which can be set in the vsftpd.conf file, did not work correctly. Consequently, the user had an unlimited number of login attempts if the "userlist_enabled=YES" and "userlist_deny=NO" rules were specified in the vsftpd.conf file. The vsftpd daemon now properly uses a delay between two unsuccessful login attempts and also refuses any connection after a specified number of unsuccessful login attempts. (BZ#513828)
-
The vsftpd daemon did not handle file transfer failures correctly if the ftp-data port was blocked on the FTP client. As a consequence, vsftpd became unresponsive under these circumstances. The updated vsftpd daemon now reports such failures to the FTP client and the data transfer is terminated as expected. (BZ#717409)
-
An attempt to list files could lead to a data type overflow error if a directory contained files with owner's UID or GID that was higher then the maximum value of the "signed int" data type (that is 2147483647). Subsequently, the FTP connection was terminated. With this update, vsftpd has been modified to support UIDs and GIDs up to the maximum value of the "unsigned int" data type (that is 4294967294). Directory content is now listed as expected in the scenario described. (BZ#759364)
In addition, this update adds the following enhancements:
-
The vsftpd server previously did not support the UTF-8 feature. This update implements the UTF-8 feature for the vsftpd server in accordance with the Internationalization of the File Transfer Protocol (RFC 2640) standard. (BZ#638873)
-
The "ls" command previously did not support square brackets as wildcard characters in FTP connections. This update improves wildcard characters support in vsftpd and square brackets can now be used in regular expressions with the "ls" command accordingly. (BZ#641239)
-
With this update, vsftpd introduces the new "ssl_request_cert" option, which enables vsftpd to request certificates on incoming SSL connections. (BZ#644083)
All users of vsftpd are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
Updated Packages
- vsftpd-2.0.5-24.el5.s390x.rpm
- vsftpd-2.0.5-24.el5.i386.rpm
- vsftpd-2.0.5-24.el5.ia64.rpm
- vsftpd-2.0.5-24.el5.x86_64.rpm
- vsftpd-2.0.5-24.el5.src.rpm
- vsftpd-2.0.5-24.el5.ppc.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.