Conectiva Linux Advisory: rsync
Dec 05, 2003, 03:56
CONECTIVA LINUX SECURITY ANNOUNCEMENT
rsync versions prior to 2.5.7 have a heap buffer overflow vulnerability which can be exploited by remote attackers to execute arbitrary code.
This vulnerability especially affects installations where rsync is used as a server/daemon, that is, where it was started with the --daemon command line argument.
A new rsync version, 2.5.7, was released by the authors to address this vulnerability.
IMPORTANT: after the update, the rsync server must be restarted manually if it was already running.
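A host check for the conditions this advisory describes (version older than 2.5.7, a process started with --daemon, and a daemon that may still need its restart) follows as an added example; it is not Conectiva's or the rsync authors' code. The function names are hypothetical, the sample banner and process listing are constructed, and the parser assumes the usual `rsync  version X.Y.Z  protocol version N` first line of `rsync --version`.

```shell
#!/bin/sh
# Added example: audit helper for the advisory above (not Conectiva's code).
FIXED_VERSION="2.5.7"   # first fixed release, per the advisory

# Read `rsync --version` output on stdin, print the version number from line 1.
rsync_banner_version() {
    sed -n '1s/^rsync  *version  *v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# True (0) if dotted version $1 is older than $2 (numeric compare, 3 fields).
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Read "PID ARGS..." lines on stdin, print PIDs of rsync started with --daemon.
rsync_daemon_pids() {
    awk '{
        cmd = $2; sub(/.*\//, "", cmd)            # basename of argv[0]
        if (cmd != "rsync") next
        for (i = 3; i <= NF; i++) if ($i == "--daemon") { print $1; next }
    }'
}

# $1 = version banner, $2 = process listing. Prints a verdict; returns
# 0 = fixed, 1 = vulnerable version, 2 = version not recognised.
assess() {
    ver=$(printf '%s\n' "$1" | rsync_banner_version)
    pids=$(printf '%s\n' "$2" | rsync_daemon_pids | tr '\n' ' ')
    pids=${pids% }
    if [ -z "$ver" ]; then echo "UNKNOWN: cannot parse rsync version"; return 2; fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: rsync $ver < $FIXED_VERSION; daemon pids: ${pids:-none}"
        return 1
    fi
    if [ -n "$pids" ]; then
        echo "FIXED: rsync $ver; confirm daemon pids $pids were restarted after the update"
    else
        echo "FIXED: rsync $ver; no rsync daemon running"
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER='rsync  version 2.5.6  protocol version 26'
SAMPLE_PS='  412 /usr/bin/rsync --daemon
  977 /usr/sbin/sshd -D'
assess "$SAMPLE_BANNER" "$SAMPLE_PS" || true
# Live host: assess "$(rsync --version)" "$(ps -e -o pid= -o args=)"
```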
Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at
Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2003 Conectiva Inc.