-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
I just rolled up ProFTPD-1.2.8p (p = patched) for the RaQ3, RaQ4, RaQ XTR, RaQ550 and Qube3. These PKGs address the security vulnerability which was announced earlier on http://xforce.iss.net/xforce/alerts/id/154 HOWEVER: There are a few gotchas attached. First of all these PKGs have been put sewn with a hot needle at the end of a workday which started ... uhm ... some 20 hours ago. :o/ Secondly this packages cannot be uninstalled and I can already guarantee that there will be problems is you install the unofficial ProFTPD update now and then (at a later time) the official ProFTPD update from Sun Cobalt on top of it. So this PKGs are only for the impatient power users who are able to manually edit /etc/proftpd.conf once a Sun Cobalt PKG comes out which fixes ProFTPD. Or for those users who willingly want to skip future Sun Cobalt PKGs which contain ProFTPD updates. I really don't know if StackGuard will catch the buffer overflow which this newly detected vulnerability describes. It could possibly be that we're already sufficiently protected due to StackGuard. So it is up to you if you want to take a possibly fatally flawed PKG (which might kill your FTP server), or if you'd like to wait for the official fix. In any case: Be sure to read all the info related to ProFTPD on the download page: http://www.solarspeed.net/downloads/index.php - -- With best regards, Michael Stauber Solarspeed.net Public PGP Key: https://www.solarspeed.net/mstauber.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/cO64EcjLwmf9gR4RAiSaAJwMczbon3mGext1asXndSG+pOvD1QCgxZjG x4OnrC6GS/7faho+J5+Z6Kc= =Bi47 -----END PGP SIGNATURE----- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
