Upstream have released version 1.3.8b to fix CVE-2023-48795. https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://github.com/proftpd/proftpd/blob/1.3.8/RELEASE_NOTES
Blocks: (none) => 32641
Cauldron is current with version 1.3.8b.
Advisory ======== ProFTPd upstream have released version 1.3.8b to fix CVE-2023-48795. From the changelog: - Implemented mitigations for "Terrapin" SSH attack (CVE-2023-48795). References ========== https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://github.com/proftpd/proftpd/blob/1.3.8/RELEASE_NOTES Files ===== Uploaded to core/updates_testing proftpd-mod_vroot-1.3.8b-1.mga9 proftpd-mod_ban-1.3.8b-1.mga9 proftpd-mod_ctrls_admin-1.3.8b-1.mga9 proftpd-mod_wrap-1.3.8b-1.mga9 proftpd-mod_quotatab-1.3.8b-1.mga9 proftpd-mod_shaper-1.3.8b-1.mga9 proftpd-mod_ldap-1.3.8b-1.mga9 proftpd-mod_radius-1.3.8b-1.mga9 proftpd-mod_sql-1.3.8b-1.mga9 proftpd-mod_tls-1.3.8b-1.mga9 proftpd-mod_sql_passwd-1.3.8b-1.mga9 proftpd-mod_sql_postgres-1.3.8b-1.mga9 proftpd-mod_ifsession-1.3.8b-1.mga9 proftpd-mod_site_misc-1.3.8b-1.mga9 proftpd-mod_tls_shmcache-1.3.8b-1.mga9 proftpd-mod_sql_mysql-1.3.8b-1.mga9 proftpd-mod_ratio-1.3.8b-1.mga9 proftpd-mod_rewrite-1.3.8b-1.mga9 proftpd-mod_sql_sqlite-1.3.8b-1.mga9 proftpd-mod_tls_memcache-1.3.8b-1.mga9 proftpd-mod_autohost-1.3.8b-1.mga9 proftpd-mod_quotatab_sql-1.3.8b-1.mga9 proftpd-mod_case-1.3.8b-1.mga9 proftpd-mod_wrap_sql-1.3.8b-1.mga9 proftpd-mod_memcache-1.3.8b-1.mga9 proftpd-mod_sftp_pam-1.3.8b-1.mga9 proftpd-mod_sftp_sql-1.3.8b-1.mga9 proftpd-mod_wrap_file-1.3.8b-1.mga9 proftpd-mod_unique_id-1.3.8b-1.mga9 proftpd-mod_quotatab_ldap-1.3.8b-1.mga9 proftpd-mod_load-1.3.8b-1.mga9 proftpd-mod_quotatab_radius-1.3.8b-1.mga9 proftpd-mod_quotatab_file-1.3.8b-1.mga9 proftpd-mod_sftp-1.3.8b-1.mga9 proftpd-devel-1.3.8b-1.mga9 proftpd-1.3.8b-1.mga9 from proftpd-1.3.8b-1.mga9.src.rpm
Assignee: smelror => qa-bugs
CC: (none) => marja11Source RPM: (none) => proftpdCVE: (none) => CVE-2023-48795
Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisory
Created attachment 14229 [details] Log of the install/update Tested in real hardware Mageia 9 x86_64 Install current versions of packages Update to testing versions without issues Setup ftp server with MCC Connect from my i586 system to my x86_64 system Transfer files Look ok for me
MGA9-server Installed updated version (upgrade). No issues. Used it for a little while, no issues.
CC: (none) => brtians1Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0356.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Blocks: (none) => 32748
Blocks: 32748 => (none)