search.internet.com

Become a Marketplace Partner internet.commerce Be a Commerce Partner Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Technology Jobs LinuxToday Newsletters Subscribe News Subscribe PR Subscribe Security internet.com IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers

Current Newswire: Freedom is not Free for Countries nor Computer Users Eyecandy Themes For Ubuntu - Download directly from Synaptic - No More Hassles Sifting Through Billions and Billions of Bytes Miro 2.0 - Watch TV Podcasts and Videos in HD Hands off the Gimp Course: Using LDAP Bazaar for Subversion users, part 1 - the basics Firefox 3.5 - A Really Impressive Release Linux Migration Guide: Finding Linux Equivalents to Your Favorite Windows Programs Tiny Core Linux 2.1 Review Senior Windows Engineer (NC) Next Step Systems US-NC-Charlotte Post A Job | Post A Resume Netwosix Linux Advisory: rsync Aug 17, 2004, 19 :29 UTC (0 Talkback[s]) (1837 reads) Netwosix Linux Security Advisory #2004-0017 <http://www.netwosix.org> Package name: rsync Summary: Exposure of System Information Date: 2004-08-17 Affected versions: Netwosix 1.0 Netwosix 1.1 Package description: rsync is an open source utility that provides fast incremental file transfer. rsync is freely available under the GNU General Public License version 2 Problem description: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred (this is because these names happen to get sanitized twice, and thus the second call removes any lingering leading slash(es) that the first call left behind). It does affect certain option paths that cause auxilliary files to be read or written. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: You can download the latest version of this package in NEPOTE format from: <http://download.netwosix.org/0017/nepote> Nepote Update See this instructions to update the port of this package: # cd $somewhere # wget http://download.netwosix.org/0017/nepote # sh nepote (to install the new and updated package) References Specific references for this advisory: http://samba.org/rsync/#security_aug04 About Linux Netwosix: Linux Netwosix is a powerful and optimized Linux distribution for servers and Network Security related jobs. It can also be used for special operations such as penetration testing with its big collection of security oriented software and sources. It's a light distribution created for the requirements of every SysAdmin and it's very portable and highly configurable. Our philosophy is to give greater liberty for configuration to the SysAdmin. Only in this way can he/she configure a powerful and stable server machine. Linux Netwosix also has a powerful ports system (Nepote) similar to the xBSD systems but more flexible and usable. Questions? Check out our mailing lists: <http://www.netwosix.org/mailing.html> The advisory itself is available at <http://www.netwosix.org/adv17.html> MD5sums of the packages: a9769682900f49755934f0def030153a 0017/nepote -- Vincenzo Ciaglia Linux Netwosix Team <http://www.netwosix.org> Complete Story No talkbacks posted.   Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!

All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP Search: WebMediaBrands Corporate Info Legal Notices, Licensing, Reprints, Permissions, Privacy Policy. Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs Solutions Whitepapers and eBooks Whitepaper: Introducing the Azure Services Platform Whitepaper: Introduction to Microsoft .NET Services for Developers Whitepaper: Securing Microsoft's Cloud Infrastructure Internet.com eBook: Becoming a Better Project Manager Microsoft Partner Portal: What Azure Means for Microsoft Partners Internet.com eBook: Web Development Frameworks for Java Internet.com eBook: Developing a Content Management System Strategy Article: Ten Things IT Professionals Should Know About Windows 7 MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Get Started with .NET Services MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Amyuni: PDF & PDF/A Engine for .NET and ActiveX Apps Red Gate Free Trial: SQL Toolbelt Iron Speed Designer Application Generator Download Award-Winning Red Gate SQL Backup Pro MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products Internet.com Hot List: Java EE 6 Platform Highlights the JavaOne Conference MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES