Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Linux News for Dec 05, 2003

  • Conectiva Linux Advisory: rsync (Nov 02, 2004, 19:30)
    "rsync before 2.6.1 does not properly sanitize paths when running a read and write daemon without using chroot. This could allow a remote attacker to write files outside of the rsync directory, depending on rsync's daemon privileges..."

  • Mandrake Linux Advisory: rsync (Dec 05, 2003, 04:58)
    "This heap overflow vulnerability, by itself, cannot yield root access, however it does allow arbitrary code execution on the host running rsync as a server..."

  • Conectiva Linux Advisory: rsync (Dec 05, 2003, 03:56)
    "This vulnerability specially affects installations where rsync is used as a server/daemon, that is, where it was started with the --daemon command line argument..."

  • Gentoo Linux Advisories: kernel, rsync (Dec 05, 2003, 03:52)
    Two security advisories from the Gentoo team.

  • Red Hat Linux Advisory: rsync (Dec 05, 2003, 02:59)
    "Updated rsync packages are now available that fix a heap overflow in the Rsync server..."

  • Fedora Linux Advisory: rsync (Dec 05, 2003, 02:57)
    "A heap overflow bug exists in rsync versions prior to 2.5.7..."