This update for proftpd to version 1.3.5d fixes the following issues:

This security issue was fixed:

- CVE-2017-7418: ProFTPD checked only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link (bsc#1032443).

These non-security issues were fixed:

- Reduce TLS protocols to TLSv1.1 and TLSv1.2
- Disable TLSCACertificateFile
- Add TLSCertificateChainFile
- All FTP logins are treated as anonymous logins again
- SSH rekey during authentication could have caused issues with clients.
- Recursive SCP uploads of multiple directories were not handled properly.
- LIST returned different results for file, depending on path syntax.
- "AuthAliasOnly on" in server config broke anonymous logins.
- Fixed memory leak when mod_facl is used.
- Fix systemd vs SysVinit inconsistency