[BlueOnyx:23022] Re: Security issue proftpd + deprecation of 5107R/5108R

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Thu Jul 25 03:07:16 -05 2019


Hello Michael,

I think the mandatory update was good and overdue.
However, this did crash the SSL Config of all SSL enabled pages. It would
have made sense to add /usr/sausalito/sbin/SSL_fixer.pl to the update
package.

Best regards,
Dirk

---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel



-----Original Message-----
From: Blueonyx <blueonyx-bounces at mail.blueonyx.it> On Behalf Of Michael
Stauber
Sent: Tuesday, 23 July 2019 23:55
To: blueonyx at mail.blueonyx.it
Subject: [BlueOnyx:23018] Re: Security issue proftpd + deprecation of
5107R/5108R

Hi all,

> I recently rolled up a Proftpd for 5210R built from the latest sources.
> I'll grab them again and will publish updated ProFTPds for all 
> BlueOnyx versions today.

BlueOnyx 5209R now has an updated ProFTPd v1.3.7-RC1 available via YUM.
I also needed to publish updates for base-ftp-* and swatch to go alongside,
as the configuration option "IdentLookups" has been deprecated and ProFTPd
refuses to start if the config file still has it.
The updated base-ftp-* and swatch take care of that.

BlueOnyx 5207R/5208R versions of these updates are currently being built and
I'll post an update when they are out in the next few hours.

This leaves 5107R and 5108R and that leaves me in an awkward position:

The ProFTPd on it is ancient. The base-ftp module is ancient. In fact the
5107R/5108R code tree hasn't seen *any* updates in 3-4 years. In fact I even
lost track if someone out there is still using it and never went the really
easy route to upgrade them via YUM to 5207R/5208R.

Therefore I have taken the decision to deprecate the old GUI models of
BlueOnyx 5107R/5108R effective immediately. This ProFTPd vulnerability is an
excuse as good as any other.

I'll now release a "blueonyx-yumconf" RPM to the 5107R/5108R YUM
repositories that forces a mandatory upgrade of them to 5207R/5208R
(respectively), which can easily be done via YUM and has been that way for
years. Now is the time to make sure that stragglers don't get left behind
and then get bitten by security bugs.

--
With best regards

Michael Stauber