Overview

File _patchinfo of Package patchinfo.25943

<patchinfo incident="25943">
  <issue tracker="bnc" id="1187686">VUL-0: vsftpd: Enforce security checks against ALPACA attack</issue>
  <issue tracker="bnc" id="1052900">[FIPS] vsftpd doesn't work with SSL enabled: SSL23_GET_SERVER_HELLO:unknown protocol</issue>
  <issue tracker="bnc" id="1021387">vsftpd with SSL enabled fails with: OOPS: not a normal exit in vsf_sysutil_wait_get_exitcode</issue>
  <issue tracker="bnc" id="786024">vsftpd broken: audit_log_acct_message() failed: Operation not permitted</issue>
  <issue tracker="bnc" id="1187678">VUL-0: CVE-2021-3618: ALPACA Attack Tracker</issue>
  <issue tracker="jsc" id="PM-3322" />
  <issue tracker="cve" id="2021-3618"/>
  <packager>psimons</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for vsftpd</summary>
  <description>This update for vsftpd fixes the following issues:

- CVE-2021-3618: Enforced security checks against ALPACA attack (bsc#1187678, bsc#1187686, PM-3322).

Bugfixes:
- Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
- Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387).
- Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places