net gezien dat op scoutnet nog een oude versie draait van lftp:
Citaat:
lftp -v
Lftp | Version 2.6.7 | Copyright (c) 1996-2002 Alexander V. Lukyanov
op
linuxsecurity wordt aangeraden om een update te doen naar 2.6.10:
Citaat:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] lftp security update (SSA:2003-346-01)
lftp is a file transfer program that connects to other hosts
using FTP, HTTP, and other protocols.
A security problem with lftp has been corrected with the release
of lftp-2.6.10. New packages are available for Slackware 8.1,
9.0, 9.1, and -current. Any sites using lftp should upgrade to
the new packages.
Here are the details from the Slackware 9.1 ChangeLog:
+--------------------------+
Fri Dec 12 11:12:05 PST 2003
patches/packages/lftp-2.6.10-i486-1.tgz: Upgraded to lftp-2.6.10.
According to the NEWS file, this includes "security fixes in html
parsing code" which could cause a compromise when using lftp to
access an untrusted site.
(* Security fix *)
+--------------------------+