1.184.2. RHBA-2011:0830: vsftpd bug fix update


An updated vsftpd package that fixes various bugs is now available.
The vsftpd package includes a Very Secure FTP (File Transfer Protocol) daemon.
This updated vsftpd package includes fixes for the following bugs:
* The previous version of vsftpd did not interpret wildcards correctly. As a result, applications relying on the wildcard functionality did not function properly. With this update, supported wildcards ('*' and '?') work as expected. (BZ#517292)
* When specific options were set in the configuration file, vsftpd prematurely closed the connection. This was caused by a child process which was responsible for handling post-auth commands and a patch which influenced the behavior of that child process. With this update, a termination signal is sent to the child process when its parent dies with the result that connections no longer prematurely close. (BZ#530706)
* Under certain circumstances, some clients could hang or behave slow due to a faulty double call to SSL_shutdown() in the ssl_data_close() function. With this update, the call has been fixed and a client no longer hangs or performs slowly. (BZ#556795)
* Prior to this update, vsftpd used the SIGUSR1 signal for signaling between child and parent processes. However, sending the SIGUSR1 signal could cause other applications to misbehave. With this update, the SIGUSR1 signal is only sent when the following parameter is set in the /etc/vsftpd.conf configuration file: "background=YES". (BZ#579317)
* Attempting to authenticate with an empty username and an empty password against a vsftpd server with Kerberos authentication failed and returned the following message: "500 OOPS: zero or big size in vsf_sysutil_malloc". With this update, vsftpd properly handles an attempt to authenticate with empty credentials. (BZ#619731)
* Prior to this update, when using the "use_localtime=YES" option, vsftpd did not take the DST specification into account. This caused the mtime value to be incorrectly interpreted for files that were last modified before the latest DST occurred. With this update, the DST is accounted for. (BZ#676254)
* Virtual guest accounts could be incorrectly logged as anonymous accounts in the xferlog file even if the use of anonymous accounts was disabled. With this update, a virtual guest account is properly logged. (BZ#680823)
All users of vsftpd are advised to upgrade to this updated package, which resolves these issues.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.