MGASA-2020-0128

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0128.html

Import Source

https://advisories.mageia.org/MGASA-2020-0128.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0128

Related

CVE-2019-20176
CVE-2019-9274
CVE-2019-9365

Published

2020-03-06T16:13:58Z

Modified

2020-03-06T15:50:00Z

Summary

Updated pure-ftpd packages fix security vulnerabilities

Details

Updated pure-ftpd packages fix security vulnerabilities:

An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookupalias(const char alias) or printaliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. (CVE-2019-9274).

An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c (CVE-2019-9365).

In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c (CVE-2019-20176).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / pure-ftpd

Package

Name: pure-ftpd
Purl: pkg:rpm/mageia/pure-ftpd?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.47-7.mga7

Ecosystem specific

{
    "section": "core"
}