I had a question about CVE-2016-3125 in regard to CentOS 6.7. It's for proftpd; the details of the CVE say before 1.3.5b and 1.3.6rc2. However, it seems the most up-to-date rpm from the CentOS repo is 1.3.3g-8.el6. I can't find if 1.3.3g-8.el6 is affected at all by this CVE; it is a previous version, however it's not listed as an affected version either. Also, I know Red Hat sometimes rolls up security patches into older RPMs. Any information on this would be helpful. Thanks guys!
Reference:
https://www.cvedetails.com/cve/CVE-2016-3125/
[SOLVED] CVE-2016-3125 (proftpd)
Re: CVE-2016-3125
There is no proftpd in CentOS 6. Perhaps you are using the EPEL package of proftpd, in which case you should follow this bug entry for any updates: https://bugzilla.redhat.com/show_bug.cg ... -2016-3125
edit: Or rather this one, which states that the bug was fixed in proftpd-1.3.3g-9.el6. Perhaps you should do a yum update --enablerepo=epel-testing
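The version question in this thread, as an added example that is not part of the original posts: with backported fixes, the installed build has to be compared against the distribution's fixed build (proftpd-1.3.3g-9.el6 per the reply above), not against the upstream version in the CVE text. The function names are hypothetical, and the comparison is a simplified form of RPM's segment-wise ordering that assumes no epoch and no `~` or `^` in the strings.

```python
import re

# Runs of digits or runs of letters; every other character is a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM-style ordering: -1 if a < b, 0 if equal, 1 if a > b."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    ver_a, _, rel_a = a.rpartition("-")
    ver_b, _, rel_b = b.rpartition("-")
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def has_fix(installed, fixed_build):
    """True when the installed build is at or past the distro's fixed build."""
    return vr_cmp(installed, fixed_build) >= 0


if __name__ == "__main__":
    fixed = "1.3.3g-9.el6"      # fixed EPEL build cited in the reply
    installed = "1.3.3g-8.el6"  # build from the original question
    # Upstream numbering alone: 1.3.3g sorts below 1.3.5b, which says
    # nothing about whether the packager backported the patch.
    print("vs upstream 1.3.5b:", rpmvercmp("1.3.3g", "1.3.5b"))
    print(installed, "has fix:", has_fix(installed, fixed))
    print(fixed, "has fix:", has_fix(fixed, fixed))
```

On a live system the installed string would come from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' proftpd`, and `rpm -q --changelog proftpd` shows whether the packager recorded the CVE.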
Re: CVE-2016-3125
Yep,
That's what it was and that updated without issue. Thanks avij!