| 1 |
- -------------------------------------------------------------------------- |
| 2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
| 3 |
- -------------------------------------------------------------------------- |
| 4 |
|
| 5 |
PACKAGE :rsync |
| 6 |
SUMMARY :two bugs found that can cause a possible security flaw |
| 7 |
DATE :2002-01-25 17:32:00 |
| 8 |
VERSIONS :Versions prior too rsync 2.5.1-r1 |
| 9 |
|
| 10 |
- -------------------------------------------------------------------------- |
| 11 |
|
| 12 |
OVERVIEW |
| 13 |
|
| 14 |
|
| 15 |
1# If the client is broken hitting ^C in the middle of the transmission, then |
| 16 |
the server keeps running. |
| 17 |
|
| 18 |
2# When rsync creates local device files, given -a or -D, the major/minor |
| 19 |
numbers are both 0. |
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
DETAIL |
| 24 |
|
| 25 |
Details of the bugs can be found in the following bug reports: |
| 26 |
|
| 27 |
1# http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=128632 |
| 28 |
|
| 29 |
2# http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=129135 |
| 30 |
|
| 31 |
|
| 32 |
SOLUTION |
| 33 |
|
| 34 |
|
| 35 |
It is recommended that all rsync users apply the update |
| 36 |
|
| 37 |
Portage Auto: |
| 38 |
|
| 39 |
emerge rsync |
| 40 |
emerge update |
| 41 |
emerge update --world |
| 42 |
|
| 43 |
|
| 44 |
Portage by hand: |
| 45 |
|
| 46 |
emerge rsync |
| 47 |
emerge net-misc/rsync |
| 48 |
|
| 49 |
Manually: |
| 50 |
|
| 51 |
There isn't yet a version available at the time that fix these bugs. Patches |
| 52 |
can be found at the bugreports in the details section of this anouncement. |
| 53 |
|
| 54 |
- -------------------------------------------------------------------------- |
| 55 |
Ferry Meyndert |
| 56 |
m0rpheus@×××××××××××××.nu |
| 57 |
- -------------------------------------------------------------------------- |
Archives