
		wu-ftpd V2.6.2 Patch Kit
		Released on 8/19/03

This patch kit includes wu-ftpd V2.6.2 with security patches applied,
specifically realpath.patch and connect-dos.patch.  The connect-dos.patch
fixes a possible denial of service attack on systems that allow only one
non-connected socket bound to the same local address.  The realpath.patch
fixes an off-by-one error in the fb_realpath() function, which could allow 
attackers to execute arbitrary code via commands that cause pathnames of
length MAXPATHLEN+1 to trigger a buffer overflow.  This off-by-one bug in
the fb_realpath() function is traced by HP as SSRT3606.

This latest update to wu-ftpd V2.6.2 will be shipped with Internet
Express V6.2, which is due to release in December 2003.

To install this patch kit:

	tar xvf wu-ftpd_262_patch.tar

        setld -l . IAEFTP612

