|
 |
|
tinysofa Security Advisory #2004-020
Package Name: rsync Affected Products: tinysofa enterprise server 2.0 Descriptionrsync [0] is a program for synchronizing files over a network. A vulnerability [1] has been reported in rsync, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system. The vulnerability is caused due to an input validation error within the "sanitize_path()" function of the "util.c" file. Successful exploitation requires that the rsync daemon isn't running chrooted. The vulnerability affects version 2.6.2 and prior. ResolutionThe rsync package has been updated to address this vulnerability. References[0] http://samba.org/rsync/ [1] http://samba.org/rsync/#security_aug04 =20 Recommended ActionWe recommend that all systems with these packages installed be upgraded. Location
All tinysofa updates are available from Automatic UpdatesUsers of the APT tool can enjoy having updates automatically installed using 'apt-get upgrade'. Questions?
Check out our mailing lists: Verification
This advisory is signed with the tinysofa security sign key.
All tinysofa packages are signed with the tinysofa stable sign key.
The advisory is available from the tinysofa errata database at Updated PackagesSRPMS606db14378c661b0b5ce1bbb3cd87d52 rsync-2.6.2-2ts.src.rpm i3867d8ea97c366ae496d266b168c9c172ca rsync-2.6.2-2ts.i386.rpm
--  
| |||||||||||||||||||||||||||||||||||||||||||
 |
|
|
|
| All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux, Apache and PHP 
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Whitepapers and eBooks
Webcasts
Downloads and eKits
|
