Synopsis: Important: vsftpd security update
Issue Date: 2011-03-09
CVE Numbers: CVE-2011-0762
—
vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux, UNIX, and similar operating systems.
A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)
All vsftpd users should upgrade to this updated package, which contains a
backported patch to correct this issue. The vsftpd daemon must be restarted
for this update to take effect.
—
SL4
x86_64
vsftpd-2.0.1-9.el4.x86_64.rpm
i386
vsftpd-2.0.1-9.el4.i386.rpm
SL5
x86_64
vsftpd-2.0.5-16.el5_6.1.x86_64.rpm
i386
vsftpd-2.0.5-16.el5_6.1.i386.rpm
SL6
x86_64
vsftpd-2.2.2-6.el6_0.1.x86_64.rpm
i386
vsftpd-2.2.2-6.el6_0.1.i686.rpm
– Scientific Linux Development Team
