FileZilla: Multiple vulnerabilities
Gentoo Linux Security Advisory
||GLSA 201309-08 / filezilla
||September 15, 2013
||September 15, 2013: 1
All supported architectures
Multiple vulnerabilities have been found in FileZilla, the worst of
which could result in arbitrary code execution.
FileZilla is an open source FTP client.
Multiple vulnerabilities have been discovered in FileZilla. Please
review the CVE identifiers referenced below for details.
A remote attacker could entice a user to connect to a malicious server,
resulting in possible arbitrary code execution or a Denial of Service.
Additionally, a local attacker could read sensitive memory, potentially
resulting in password disclosure.
There is no known workaround at this time.
All FileZilla users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.7.3"