- Issued:
- 2013-01-07
- Updated:
- 2013-01-07
RHBA-2013:0025 - vsftpd bug fix update
Synopsis
vsftpd bug fix update
Type/Severity
Bug Fix Advisory (none)
Topic
Updated vsftpd packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
Description
The vsftpd packages provide the VSFTP (Very Secure File Transfer Protocol) daemon.
This update fixes the following bugs:
-
Prior to this update, the "local_max_rate" option did not work as expected. As a consequence, the transmission speed was significantly lower. This update extends the types of variables for calculating and accumulating the amount of transferred data and postpones the start of evaluation after the tenth. (BZ#795393)
-
Prior to this update, the "ls" command failed to handle the wildcard character "?" correctly. This update modifies the "ls" code so that the "ls" command can now uses the wildcard character "?" as expected. (BZ#799245)
-
Prior to this update, the file transfer on a TLS connection failed after transferring the first files when the "ssl_request_cert" option used the default setting "YES". This update modifies the underlying code so that the file transfer completes as expected. (BZ#804078)
-
Prior to this update, the vsftpd daemon did not correctly handle "EADDRINUSE" errors received from a TCP port on which vsftpd was listening. As a consequence, vsftpd immediately sent an error message to an FTP client instead of retrying to use the port. This update modifies the error handling of vsftpd so that the daemon now retries the port before sending the error message to the FTP client. (BZ#809450)
-
Prior to this update, the vsftpd daemon failed with the message "500 OOPS: vsf_sysutil_bind" when the ports from the range configured for passive mode were occupied. This could occur when repeating the "ls" command on the empty sub-directory in the FTP client. The updated daemon is able to reuse ports from the approved range that are in the state TIME_WAIT and the described failure is no more observed. (BZ#845051)
All users of vsftpd are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Power, big endian | 5 | ppc |
| Red Hat Enterprise Linux for IBM z Systems | 5 | s390x |
| Red Hat Enterprise Linux Workstation | 5 | x86_64 |
| Red Hat Enterprise Linux Workstation | 5 | i386 |
| Red Hat Enterprise Linux Server | 5 | x86_64 |
| Red Hat Enterprise Linux Server | 5 | ia64 |
| Red Hat Enterprise Linux Server | 5 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 5 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 5 | i386 |
Updated Packages
- vsftpd-2.0.5-28.el5.s390x.rpm
- vsftpd-debuginfo-2.0.5-28.el5.x86_64.rpm
- vsftpd-2.0.5-28.el5.i386.rpm
- vsftpd-debuginfo-2.0.5-28.el5.ia64.rpm
- vsftpd-2.0.5-28.el5.x86_64.rpm
- vsftpd-2.0.5-28.el5.ppc.rpm
- vsftpd-debuginfo-2.0.5-28.el5.ppc.rpm
- vsftpd-debuginfo-2.0.5-28.el5.i386.rpm
- vsftpd-2.0.5-28.el5.ia64.rpm
- vsftpd-debuginfo-2.0.5-28.el5.s390x.rpm
- vsftpd-2.0.5-28.el5.src.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.