openSUSE-SU-2020:0865-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0865-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2020:0865-1
Published
2020-06-25T12:18:25Z
Modified
2026-03-11T07:32:32.284373Z
Summary
Security update for uftpd
Details

This update for uftpd fixes the following issues:

uftpd was updated to version 2.12.

Changes:

  • Use common log message format and log level when user enters an invalid path. This unfortunately affects changes introduced in v2.11 to increase logging at default log level.

Security fixes:

  • CVE-2020-14149: When entering an invalid directory with the FTP command CWD, a NULL pointer was dereferenced in a DBG() message even though the log level was set to a value lower than LOG_DEBUG. This caused uftpd to crash, resulting in denial of service. Depending on the init/inetd system used, this could be permanent. (boo#1172959)

Affected packages

openSUSE:Leap 15.1 / uftpd

Package

Name
uftpd
Purl
pkg:rpm/opensuse/uftpd&distro=openSUSE%20Leap%2015.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.12-lp151.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "uftpd": "2.12-lp151.2.6.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0865-1.json"