-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  (FALSE ALARM ON) ncftp (SSA:2005-135-02)

Hey folks,

An advisory recently went out on NcFTP, but it appears that the issue
in question was fixed long ago in version 3.1.5, released on 2002-10-13.

I received an email at security@slackware.com from a well-meaning user
informing me that 3.1.9 had a security issue that was going unpatched:

> I just noticed that there is a new security update (version 3.1.9) for
> NcFTP client available, but the current Slacware Package Browser lists
> version ncftp-3.1.8-i486-1.

I then went to www.ncftp.com to verify this, and managed to misread the
site, thinking that an old security advisory pertained to 3.1.9.  I
imagine that's the same thing that happened to the person who wrote to
me.

Anyway, just to let you all know that if you already have 3.1.5 or newer
that there aren't any security issues affecting you that I'd consider
worth an advisory.  My apologies if this has been an inconvenience to
any Slackware users, or if the fine people at NcFTP or other
distributions have had to answer any questions about this.  I'll try to
read more carefully next time.  :-)

Take care,

Pat 


+-----+

Slackware: 2005-135-02: (FALSE ALARM ON) ncftp Security Update

May 16, 2005
Hey folks, An advisory recently went out on NcFTP, but it appears that the issue in question was fixed long ago in version 3.1.5, released on 2002-10-13

Summary

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] (FALSE ALARM ON) ncftp (SSA:2005-135-02)
Hey folks,
An advisory recently went out on NcFTP, but it appears that the issue in question was fixed long ago in version 3.1.5, released on 2002-10-13.
I received an email at security@slackware.com from a well-meaning user informing me that 3.1.9 had a security issue that was going unpatched:
> I just noticed that there is a new security update (version 3.1.9) for > NcFTP client available, but the current Slacware Package Browser lists > version ncftp-3.1.8-i486-1.
I then went to www.ncftp.com to verify this, and managed to misread the site, thinking that an old security advisory pertained to 3.1.9. I imagine that's the same thing that happened to the person who wrote to me.
Anyway, just to let you all know that if you already have 3.1.5 or newer that there aren't any security issues affecting you that I'd consider worth an advisory. My apologies if this has been an inconvenience to any Slackware users, or if the fine people at NcFTP or other distributions have had to answer any questions about this. I'll try to read more carefully next time. :-)
Take care,
Pat

Installation Instructions

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved