This is an old revision of the document!
Slackware-14.1 ChangeLog (2018-08-02)
Thu Aug 2 20:12:10 UTC 2018
Packages
Upgraded
- patches/packages/lftp-4.8.4-i486-1_slack14.1.txz
It has been discovered that lftp up to and including version 4.8.3 does
not properly sanitize remote file names, leading to a loss of integrity
on the local system when reverse mirroring is used. A remote attacker
may trick a user to use reverse mirroring on an attacker controlled FTP
server, resulting in the removal of all files in the current working
directory of the victim's system.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10916
(* Security fix *)