openSUSE issued an advisory on January 13: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VVHALJQJ6EOQ3LXU5PV576XZHRQTOZGI/
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => proftpd-1.3.8b-2.mga10.src.rpm, proftpd-1.3.8b-1.mga9.src.rpm
CVE: (none) => CVE-2024-48651
Status comment: (none) => Fixed upstream in 1.3.8c (1.3.8d fixes another problem)
Status comment: Fixed upstream in 1.3.8c (1.3.8d fixes another problem) => Fixed upstream in 1.3.8c
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. (CVE-2024-48651)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VVHALJQJ6EOQ3LXU5PV576XZHRQTOZGI/
========================

Updated packages in core/updates_testing:
========================
proftpd-1.3.8c-1.mga9
proftpd-devel-1.3.8c-1.mga9
proftpd-mod_autohost-1.3.8c-1.mga9
proftpd-mod_ban-1.3.8c-1.mga9
proftpd-mod_case-1.3.8c-1.mga9
proftpd-mod_ctrls_admin-1.3.8c-1.mga9
proftpd-mod_ifsession-1.3.8c-1.mga9
proftpd-mod_ldap-1.3.8c-1.mga9
proftpd-mod_load-1.3.8c-1.mga9
proftpd-mod_memcache-1.3.8c-1.mga9
proftpd-mod_quotatab-1.3.8c-1.mga9
proftpd-mod_quotatab_file-1.3.8c-1.mga9
proftpd-mod_quotatab_ldap-1.3.8c-1.mga9
proftpd-mod_quotatab_radius-1.3.8c-1.mga9
proftpd-mod_quotatab_sql-1.3.8c-1.mga9
proftpd-mod_radius-1.3.8c-1.mga9
proftpd-mod_ratio-1.3.8c-1.mga9
proftpd-mod_rewrite-1.3.8c-1.mga9
proftpd-mod_sftp-1.3.8c-1.mga9
proftpd-mod_sftp_pam-1.3.8c-1.mga9
proftpd-mod_sftp_sql-1.3.8c-1.mga9
proftpd-mod_shaper-1.3.8c-1.mga9
proftpd-mod_site_misc-1.3.8c-1.mga9
proftpd-mod_sql-1.3.8c-1.mga9
proftpd-mod_sql_mysql-1.3.8c-1.mga9
proftpd-mod_sql_passwd-1.3.8c-1.mga9
proftpd-mod_sql_postgres-1.3.8c-1.mga9
proftpd-mod_sql_sqlite-1.3.8c-1.mga9
proftpd-mod_tls-1.3.8c-1.mga9
proftpd-mod_tls_memcache-1.3.8c-1.mga9
proftpd-mod_tls_shmcache-1.3.8c-1.mga9
proftpd-mod_unique_id-1.3.8c-1.mga9
proftpd-mod_vroot-1.3.8c-1.mga9
proftpd-mod_wrap-1.3.8c-1.mga9
proftpd-mod_wrap_file-1.3.8c-1.mga9
proftpd-mod_wrap_sql-1.3.8c-1.mga9

from SRPM:
proftpd-1.3.8c-1.mga9.src.rpm
Source RPM: proftpd-1.3.8b-2.mga10.src.rpm, proftpd-1.3.8b-1.mga9.src.rpm => proftpd-1.3.8b-1.mga9.src.rpm
Status comment: Fixed upstream in 1.3.8c => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED
Whiteboard: MGA9TOO => (none)
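A defender-side check for the condition the advisory describes, as an added example that is not part of this bug report or of ProFTPD: it reads Linux /proc/<pid>/status and flags a non-root proftpd process that still lists GID 0 among its supplemental groups. The function names and the sample status text are constructed for illustration.

```python
import os

def parse_status(text):
    """Parse the Name, Uid, Gid and Groups fields of a /proc/<pid>/status file."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "name": fields.get("Name", ""),
        # Uid/Gid lines hold real, effective, saved and filesystem IDs.
        "euid": int(fields["Uid"].split()[1]),
        "egid": int(fields["Gid"].split()[1]),
        # Groups is empty when the process has no supplemental groups.
        "groups": [int(g) for g in fields.get("Groups", "").split()],
    }

def has_inherited_gid0(status, name="proftpd"):
    """True for a non-root process of the given name that still lists
    GID 0 among its supplemental groups."""
    return (status["name"] == name and status["euid"] != 0
            and 0 in status["groups"])

def scan_proc(proc="/proc"):
    """Return the PIDs of live processes matching has_inherited_gid0()."""
    hits = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "status")) as fh:
                status = parse_status(fh.read())
        except (OSError, KeyError, IndexError, ValueError):
            continue  # process exited, or its status is unreadable
        if has_inherited_gid0(status):
            hits.append(int(entry))
    return hits

# Constructed samples: a session process running as UID/GID 1001.
_IDS = "Uid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\n"
SAMPLE_AFFECTED = "Name:\tproftpd\n" + _IDS + "Groups:\t0 \n"
SAMPLE_CLEAN = "Name:\tproftpd\n" + _IDS + "Groups:\t1001 \n"

if __name__ == "__main__":
    print(has_inherited_gid0(parse_status(SAMPLE_AFFECTED)))  # constructed input
    print(has_inherited_gid0(parse_status(SAMPLE_CLEAN)))     # constructed input
    print(scan_proc())  # live check; run while FTP sessions are connected
```

Session processes exist only while a client is logged in, so the live scan is meaningful only when run with an active session.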
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues.
Ref bug 29449 for testing.
Opened firewall for ftp

# systemctl start proftpd
# systemctl -l status proftpd
● proftpd.service - LSB: ProFTPD FTP server
     Loaded: loaded (/etc/rc.d/init.d/proftpd; generated)
     Active: active (running) since Fri 2025-01-17 11:00:52 CET; 5min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 4363 ExecStart=/etc/rc.d/init.d/proftpd start (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 8806)
     Memory: 3.1M
        CPU: 267ms
     CGroup: /system.slice/proftpd.service
             └─4404 "proftpd: (accepting connections)"

Jan 17 11:00:52 mach3.hviaene.thuis systemd[1]: Starting proftpd.service...
Jan 17 11:00:52 mach3.hviaene.thuis proftpd[4363]: Starting proftpd[ OK ]
Jan 17 11:00:52 mach3.hviaene.thuis systemd[1]: Started proftpd.service.

Used filezilla to transfer some files, testing in both directions. All worked OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0015.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED