1.184.2. RHBA-2011:0830: vsftpd bug fix update
An updated vsftpd package that fixes various bugs is now available.
The vsftpd package includes a Very Secure FTP (File Transfer Protocol) daemon.
This updated vsftpd package includes fixes for the following bugs:
* The previous version of vsftpd did not interpret wildcards correctly. As a result, applications relying on the wildcard functionality did not function properly. With this update, supported wildcards ('*' and '?') work as expected. (BZ#517292)
* When specific options were set in the configuration file, vsftpd prematurely closed the connection. This was caused by a child process which was responsible for handling post-auth commands and a patch which influenced the behavior of that child process. With this update, a termination signal is sent to the child process when its parent dies with the result that connections no longer prematurely close. (BZ#530706)
* Under certain circumstances, some clients could hang or behave slow due to a faulty double call to SSL_shutdown() in the ssl_data_close() function. With this update, the call has been fixed and a client no longer hangs or performs slowly. (BZ#556795)
* Prior to this update, vsftpd used the SIGUSR1 signal for signaling between child and parent processes. However, sending the SIGUSR1 signal could cause other applications to misbehave. With this update, the SIGUSR1 signal is only sent when the following parameter is set in the /etc/vsftpd.conf configuration file: "background=YES". (BZ#579317)
* Attempting to authenticate with an empty username and an empty password against a vsftpd server with Kerberos authentication failed and returned the following message: "500 OOPS: zero or big size in vsf_sysutil_malloc". With this update, vsftpd properly handles an attempt to authenticate with empty credentials. (BZ#619731)
* Prior to this update, when using the "use_localtime=YES" option, vsftpd did not take the DST specification into account. This caused the mtime value to be incorrectly interpreted for files that were last modified before the latest DST occurred. With this update, the DST is accounted for. (BZ#676254)
* Virtual guest accounts could be incorrectly logged as anonymous accounts in the xferlog file even if the use of anonymous accounts was disabled. With this update, a virtual guest account is properly logged. (BZ#680823)
All users of vsftpd are advised to upgrade to this updated package, which resolves these issues.