Recommended update for vsftpd

Announcement ID: SUSE-RU-2017:1319-1
Rating: low
References:
Affected Products:
  • Security Module for SUSE Linux Enterprise 11 11-SP3
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Server 11 SP4

An update that has two fixes can now be installed.

Description:

This update for vsftpd provides the following fixes:

  • Fix interoperability with FTP clients when vsftpd is configured with option "use_localtime=YES" (bsc#1024961)
  • Enable ECDH-based perfect forward secrecy in SSL mode and use the "DEFAULT" OpenSSL cipher list as the default instead of 3DES.

This update also provides a new vsftpd-openssl1 package in the SECURITY Module to offer TLS 1.2 support; it can be installed additionally.

If you are using vsftpd started from sysvinit, the sysvinit init script will select the TLS 1.2 version automatically when the package is installed.

If you are using vsftpd started from the XINETD service file, please change the "server" value in the /etc/xinetd.d/vsftpd file from /usr/sbin/vsftpd to /opt/suse/sbin/vsftpd.
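
A check for the two settings above, as an added example that is not part of the SUSE advisory: it reports whether an xinetd service file still starts /usr/sbin/vsftpd, and whether a vsftpd configuration file sets an explicit 3DES "ssl_ciphers" value, which would override the new packaged default. The function names and the vsftpd.conf path given on the command line are assumptions; the xinetd file and both binary paths are the ones named in the text.

```shell
#!/bin/sh
# Added example: audit the two settings this update touches.
OLD_BIN=/usr/sbin/vsftpd        # path named in the advisory
NEW_BIN=/opt/suse/sbin/vsftpd   # path named in the advisory

# Print the value of the "server" attribute from an xinetd service file,
# skipping comments and look-alike attributes such as server_args.
xinetd_server() {
    awk -F'=' '{
        sub(/#.*/, "")
        key = $1; gsub(/[ \t]/, "", key)
        if (key == "server") {
            val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }
    }' "$1"
}

# Return 0 if the service starts the vsftpd-openssl1 binary, 1 if it still
# starts the old binary, 2 if the server line is missing or something else.
check_xinetd() {
    srv=$(xinetd_server "$1")
    case "$srv" in
        "$NEW_BIN") echo "OK: $1 starts $srv"; return 0 ;;
        "$OLD_BIN") echo "STALE: $1 still starts $srv"; return 1 ;;
        *)          echo "UNKNOWN: server='$srv' in $1"; return 2 ;;
    esac
}

# Return 0 if the vsftpd config sets ssl_ciphers explicitly to a list that
# enables 3DES; such a line overrides the packaged "DEFAULT" list.
# Exclusions such as "!3DES" and commented-out lines do not count.
pins_3des() {
    sed -n 's/^ssl_ciphers=//p' "$1" |
        grep -Eq '(^|[:, +])(([A-Z0-9]+-)*DES-CBC3|3DES)'
}

# Usage (second path is an assumption): sh audit.sh /etc/xinetd.d/vsftpd /etc/vsftpd.conf
if [ "$#" -eq 2 ]; then
    if pins_3des "$2"; then echo "WARN: $2 pins a 3DES cipher list"; fi
    check_xinetd "$1"
fi
```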

Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Security Module for SUSE Linux Enterprise 11 11-SP3
    zypper in -t patch secsp3-vsftpd-13108=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-vsftpd-13108=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-vsftpd-13108=1

Package List:

  • Security Module for SUSE Linux Enterprise 11 11-SP3 (s390x x86_64 i586 ppc64 ia64)
    • vsftpd-openssl1-2.0.7-4.43.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • vsftpd-2.0.7-4.43.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • vsftpd-2.0.7-4.43.1