ajua Online
Software, Hardware, Technology
FileZilla 3.1.0.1
Author: ajua24 Jul
Just a day after version 3.1.0 release, Filezilla 3.1.0.1 fixes an important security vulnerability.
FileZilla 3.1.0.1 fixes a vulnerability regarding the way some errors are handled on SSL/TLS secured data transfers.
If the data connection of a transfer gets closed, FileZilla did not check if the server performed an orderly TLS shutdown.
ImpactAn attacker could send spoofed FIN packets to the client. Even though GnuTLS detects this with GNUTLS_E_UNEXPECTED_PACKET_LENGTH, FileZilla did not record a transfer failure in all cases.
Unfortunately not all servers perform an orderly SSL/TLS shutdown. Since this cannot be distinguished from an attack, FileZilla will not be able to download listings or files from such servers.
Latest changes:
- Fix infinite loop in new socket class
- Fix file descriptor/handle leak in new socket class
- Fix locking error if cancelling an operation waiting for a lock held by a different engine
- MSW: In rare cases, initial read event was not triggered on transfer sockets
- Add missing icon in LonE theme
Website 
Download Client | Server
Related Posts:
ajua Software
Featured Content
Recent Posts
Language / Idioma
Navigation
Archives
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
Leave a reply