=================================================================== Message du CERT-RENATER (certsvp@renater.fr) =================================================================== Bonjour L'organisation WU-FTPD Development Group qui developpe et maintient le logiciel WU-FTP annonce la sortie d'une nouvelle version de son serveur ftp: la version 2.6.1 Cette nouvelle version devrait prendre en compte la correction du probleme de securite qui a fait l'objet de l'avis CERT-Renater : 2000/ALER009 ainsi que celle d'autres petits problemes de la version precedente. Nous reproduisons ci-dessous l'avis emis par le WU-FTPD Development Group contenant toutes les informations utiles: ******************************************************************* DISTRIBUTION RESTRICTIONS: FOR PUBLIC RELEASE The WU-FTPD Development Group is pleased to announce the release of Version 2.6.1 of the WU-FTPD daemon. This release includes a critical security correction. All sites are strongly advised to upgrade to version 2.6.1 for maximum security. Version 2.6.1 also provides some features and corrections. A summary of the changes appears below. WU-FTPD Version 2.6.1 is available for download from the primary distribution site: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.gz ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.gz.asc ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.Z ftp://ftp.wu-ftpd.org/pub/wu-ftpd/wu-ftpd-2.6.1.tar.Z.asc MD5 sums for these files are: 60b65efa64568e93d71162de00c2bdd9 wu-ftpd-2.6.1.tar.Z d3830b4628cf30a3714c8e8221c6fee6 wu-ftpd-2.6.1.tar.Z.asc 857ab8504998a753195eb94ac2dc39a4 wu-ftpd-2.6.1.tar.gz 2632ebc5aa5780b550307252d470bbd5 wu-ftpd-2.6.1.tar.gz.asc A full list of international mirrors appears at the end of this email. ########################################################################### Security updates o Fix security leaks that could result in a root shell compromise. o Fix memory leaks in internal ls (this feature still needs more testing; you should probably not use it on high-traffic production servers yet.) o SITE MINFO was missed in 2.6.0 when disabling SITE NEWER. Additions o Merge in the virtual passwd/virtual shadow features of BeroFTPD. Corrections o Fix up the port-allow command in ftpaccess. o Some fixes to the configure script. o Fix documentation of data-limit. Errata o On Tru64 systems with C2 security enabled, real users cannot login. This problem is being worked on. ########################################################################### The PGP signing key for the WU-FTPD Development Group is available from: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/PGP.public.key with MD5 sum 6fc6f7279f833327017bbc3b6e753c96 PGP.public.key ########################################################################### The primary distribution site for the WU-FTPD daemon is: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/ Mirrors are available at the following sites: Australia --------- ftp://ftp.auscert.org.au/pub/mirrors/ftp.wu-ftpd.org/ ftp://mirror.aarnet.edu.au/pub/wu-ftpd/ http://mirror.aarnet.edu.au/pub/wu-ftpd/ Austria ------- ftp://gd.tuwien.ac.at/infosys/servers/ftp/wu-ftpd/ http://gd.tuwien.ac.at/infosys/servers/ftp/wu-ftpd/ Canada ------ ftp://ftp.crc.ca/pub/packages/ftp/servers/wuarchive-ftpd-dg/ Chile ----- (REUNA) ftp://ftp.inf.utfsm.cl/pub/archive-tools/wu-ftpd/ Estonia ------- ftp://ftp.ut.ee/pub/unix/networking/wu-ftpd/ Germany ------- ftp://ftp.dpn.de/pub/mirrors/wu-ftpd/ ftp://ftp.tu-clausthal.de/pub/mirror/wu-ftpd/ ftp://ftp.freenet.de/pub/ftp.wu-ftpd.org/pub/ ftp://ftp.uni-bayreuth.de/pub/netsoftware/ftp/wu-ftpd/ Greece ------ ftp://ftp.hol.gr/pub/packages/wu-ftpd/ Hungary ------- ftp://ftp.ahol.com/pub/mirrors/wu-ftpd/ ftp://ftp.kfki.hu/pub/infosystems/wu-ftpd/ Iceland ------- ftp://ftp.gm.is/pub/wu-ftpd/ Ireland ------- ftp://ftp.medianet.ie/mirrors/ftp.wu-ftpd.org/pub/wu-ftpd/ Israel ------ ftp://ftp.tau.ac.il/pub/unix/ftp/wu-ftpd/ Japan ----- Ring Server Project ------------------- ftp://ftp.ring.gr.jp/pub/net/wu-ftpd/ http://www.ring.gr.jp/archives/net/wu-ftpd/ ftp://ring.aist.go.jp/pub/net/wu-ftpd/ http://ring.aist.go.jp/archives/net/wu-ftpd/ ftp://ring.asahi-net.or.jp/pub/net/wu-ftpd/ http://ring.asahi-net.or.jp/archives/net/wu-ftpd/ ftp://ring.so-net.ne.jp/pub/net/wu-ftpd/ http://ring.so-net.ne.jp/archives/net/wu-ftpd/ ftp://ring.nacsis.ac.jp/pub/net/wu-ftpd/ http://ring.nacsis.ac.jp/archives/net/wu-ftpd/ ftp://ring.etl.go.jp/pub/net/wu-ftpd/ http://ring.etl.go.jp/archives/net/wu-ftpd/ Other Japan sites ----------------- ftp://ftp.win.ne.jp/pub/network/wu-ftpd/ ftp://mirror.nucba.ac.jp/mirror/wu-ftpd/ http://mirror.nucba.ac.jp/mirror/wu-ftpd/ ftp://ftp.cin.nihon-u.ac.jp/pub/net/ftp/wu-ftpd-vr/ ftp://ftp.riken.go.jp/pub/net/wu-ftpd/ http://SunSITE.sut.ac.jp/pub/archives/packages/wu-ftpd/ ftp://SunSITE.sut.ac.jp/pub/archives/packages/wu-ftpd/ Norway ------ ftp://ftp.bitcon.no/pub/unix/networking/wu-ftpd/ http://archive.bitcon.no/pub/unix/networking/wu-ftpd/ Poland ------ ftp://ftp.task.gda.pl/pub/unix/ftp/wu-ftpd-vr/ ftp://giswitch.sggw.waw.pl/pub/unix/wu-ftpd/ Spain ----- ftp://ftp.upc.es/pub/wu-ftpd/ Sweden ------ ftp://ftp.sunet.se/pub/nir/ftp/servers/wuarchive-ftpd/ http://ftp.sunet.se/pub/nir/ftp/servers/wuarchive-ftpd/ Switzerland ----------- ftp://sunsite.cnlab-switch.ch/mirror/wu-ftpd/ Taiwan ------ ftp://ftp.nchu.edu.tw/pub/packages/wu-ftpd/ http://pds.nchu.edu.tw/pub/packages/wu-ftpd/ ftp://coda.nctu.edu.tw/pub/UNIX/wu-ftpd/ Turkey ------ ftp://ftp.ulak.net.tr/pub/wu-ftpd/ http://ftp.ulak.net.tr/pub/wu-ftpd/ United Kingdom -------------- ftp://sunsite.org.uk/Mirrors/ftp.vr.net/pub/wu-ftpd/ http://sunsite.org.uk/Mirrors/ftp.vr.net/pub/wu-ftpd/ ftp://ftp.ox.ac.uk/pub/comp/security/COAST/mirrors/ftp.vr.net/ ftp://ftp.plig.org/pub/wu-ftpd/ United States ------------- New York -------- ftp://ftp.academy.rpi.edu/pub/wu-ftpd/ Ohio ---- ftp://ftp.wu-ftpd.org/pub/wu-ftpd/ Texas ----- ftp://ftp.landfield.com/wu-ftpd/wu-ftpd.org/ http://www.landfield.com/wu-ftpd/wu-ftpd.org/ ******************************************************************* Cordialement, ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================