SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
proftpd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Incomplete
|
Undecided
|
Unassigned | ||
Bionic |
Incomplete
|
Undecided
|
Unassigned | ||
Eoan |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
This bug has been brought to my attention the following:
There is a Debian bug report
https:/
The proftpd-basic package suffers from this bug. The impact is very widespread. Every person that uses Filezilla client version greater than 3.46.1 cannot connect to any Ubuntu server using this proftpd package due to the bug.
As you see in the link above, there is a patch for Debian. So is it possible that the support team can get this functionality bug and security fix implemented in Xenial and Bionic?
https:/
# Proftpd
$ git describe --contains 3d17c8419
v1.3.7rc3~25^2
proftpd-basic | 1.3.5a-1ubuntu0.1 | xenial-
proftpd-basic | 1.3.5e-1build1 | bionic/universe
proftpd-basic | 1.3.6-4 | disco/universe
proftpd-basic | 1.3.6-6build2 | eoan/universe
proftpd-basic | 1.3.6c-2 | focal/universe
Focal has the patch already:
./f/proftpd-
# Filezilla
filezilla | 3.15.0.2-1ubuntu1 | xenial/universe
filezilla | 3.28.0-1 | bionic/universe
filezilla | 3.39.0-2 | disco/universe
filezilla | 3.39.0-2 | eoan/universe
filezilla | 3.46.3-1build1 | focal/universe
Reference:
https:/
http://
tags: | added: sts |
description: | updated |
description: | updated |
Changed in proftpd (Ubuntu): | |
status: | New → Fix Released |
description: | updated |
description: | updated |
description: | updated |
Changed in proftpd (Ubuntu Xenial): | |
status: | New → Incomplete |
Changed in proftpd (Ubuntu Bionic): | |
status: | New → Incomplete |
Changed in proftpd (Ubuntu Eoan): | |
status: | New → Incomplete |
For now I don't see the point to fix other Ubuntu releases as only focal contains filezilla "3.46" and Focal also already got the proftpd-basic fix.
Focal: dfsg-1. 3.6c/debian/ patches/ upstream_ 4385
proftpd-
Upstream bug mentionned:
All my users that use the filezilla client 3.46.1+ fail to connect to my
proftpd server. I tested the problem exist on debian jessie and debian etch
proftpd and filezilla 3.46.2 and 3.46.3
Please provide more context if I'm wrong here, but so far this is what I understand from it.
- Eric