Fedora Legacy Test Update Notification: rsync

Jesse Keating jkeating at j2solutions.net
Mon May 31 21:19:19 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-1569
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1569
2004-05-31
- ---------------------------------------------------------------------
 
Name            : rsync
Version 7.3     : 2.5.7-1.legacy.7x
Version 9       : 2.5.7-1.legacy.9
Summary         : A program for synchronizing files over a network.
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

 
- ---------------------------------------------------------------------
Update Information:
 
CAN-2004-0426:

rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot, allows remote attackers to
write files outside of the module's path.

- ---------------------------------------------------------------------
Changelog:
 
7.3:

* Wed May 05 2004 Seth Vidal <skvidal at phy.duke.edu> 2.5.7-1.legacy.7x
 
- - apply sanitize path's patch for:
- - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426
- - Fix for segfault when RSYNC_PROXY port part is too long

9:

 * Tue May 04 2004 Rok Papez <rok.papez at lugos.si> 2.5.7-1.legacy.9
 
- - Fix for segfault when RSYNC_PROXY port part is too long
- - Fix for CAN-2004-0426: not properly sanitizing paths

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
 
d4d63c594b993ec4194b2b1145abe71348e984e8  
7.3/updates-testing/SRPMS/rsync-2.5.7-1.legacy.7x.src.rpm
c7960f3fdf5a053c459ee063651470fa95a5dc00  
7.3/updates-testing/i386/rsync-2.5.7-1.legacy.7x.i386.rpm
 
36ab488484efbb6a6c7e03b06b6cc3f9810bdcae  
9/updates-testing/SRPMS/rsync-2.5.7-1.legacy.9.src.rpm
341b5116c4a761b212d00a15e5262a6dc6ca17e3  
9/updates-testing/i386/rsync-2.5.7-1.legacy.9.i386.rpm
 
Please note that this update is also available via yum and apt through the 
updates-testing channel.  Many people find this an easier way to apply 
updates.

- ---------------------------------------------------------------------
- -- 
Jesse Keating RHCE	(http://geek.j2solutions.net)
Fedora Legacy Team	(http://www.fedoralegacy.org)
GPG Public Key		(http://geek.j2solutions.net/jkeating.j2solutions.pub)

Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAu6FX4v2HLvE71NURApEVAJ41WnakDFtXtHpFT1gu1c3VH6hl4ACeKYsX
0uPUJghzTzpdTYATxMegNhs=
=bRou
-----END PGP SIGNATURE-----

More information about the fedora-legacy-list mailing list