FileZilla: Multiple vulnerabilities Multiple vulnerabilities have been found in FileZilla, the worst of which could result in arbitrary code execution. filezilla September 15, 2013 September 15, 2013: 1 479880 482672 local, remote 3.7.3 3.7.3

FileZilla is an open source FTP client.

Multiple vulnerabilities have been discovered in FileZilla. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user to connect to a malicious server, resulting in possible arbitrary code execution or a Denial of Service. Additionally, a local attacker could read sensitive memory, potentially resulting in password disclosure.

There is no known workaround at this time.

All FileZilla users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-ftp/filezilla-3.7.3" CVE-2013-4206 CVE-2013-4207 CVE-2013-4208 CVE-2013-4852 creffett creffett