========================================================================== Ubuntu Security Notice USN-4515-1 September 17, 2020 pure-ftpd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Pure-FTPd could be made to expose sensitive information if it recieved specially crafted input. Software Description: - pure-ftpd: Secure and efficient FTP server Details: Antonio Norales discovered that Pure-FTPd incorrectly handled directory aliases. An attacker could possibly use this issue to access sensitive information. (CVE-2020-9274) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: pure-ftpd 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-common 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-ldap 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-mysql 1.0.36-3.2+deb8u1build0.16.04.1 pure-ftpd-postgresql 1.0.36-3.2+deb8u1build0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4515-1 CVE-2020-9274 Package Information: https://launchpad.net/ubuntu/+source/pure-ftpd/1.0.36-3.2+deb8u1build0.16.04.1