CrushFTP Product Security Update Advisory

Overview

 

An update has been made available to address a vulnerability in the CrushFTP product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

CrushFTP versions prior to 11.1.0 (except 10.7.1)

 

Resolved Vulnerabilities

 

A vulnerability that could allow an attacker to escape the VFS and read system files or execute code remotely (CVE-2024-4040)

 

Vulnerability Patches

 

Patches for the vulnerability have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

CrushFTP versions 11.1.0 and 10.7.1

 

Referenced Sites

 

[1] CVE-2024-4040 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-4040

[2] April 19th, 2024 – CVE-2024-4040

https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update

[3] Minimum safe CrushFTP version is 10.7.1. (Regularly updating is critical and we make that as easy as possible.)

https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update