1 |
- -------------------------------------------------------------------------- |
2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- -------------------------------------------------------------------------- |
4 |
|
5 |
PACKAGE :rsync |
6 |
SUMMARY :two bugs found that can cause a possible security flaw |
7 |
DATE :2002-01-25 17:32:00 |
8 |
VERSIONS :Versions prior too rsync 2.5.1-r1 |
9 |
|
10 |
- -------------------------------------------------------------------------- |
11 |
|
12 |
OVERVIEW |
13 |
|
14 |
|
15 |
1# If the client is broken hitting ^C in the middle of the transmission, then |
16 |
the server keeps running. |
17 |
|
18 |
2# When rsync creates local device files, given -a or -D, the major/minor |
19 |
numbers are both 0. |
20 |
|
21 |
|
22 |
|
23 |
DETAIL |
24 |
|
25 |
Details of the bugs can be found in the following bug reports: |
26 |
|
27 |
1# http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=128632 |
28 |
|
29 |
2# http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no\&bug=129135 |
30 |
|
31 |
|
32 |
SOLUTION |
33 |
|
34 |
|
35 |
It is recommended that all rsync users apply the update |
36 |
|
37 |
Portage Auto: |
38 |
|
39 |
emerge rsync |
40 |
emerge update |
41 |
emerge update --world |
42 |
|
43 |
|
44 |
Portage by hand: |
45 |
|
46 |
emerge rsync |
47 |
emerge net-misc/rsync |
48 |
|
49 |
Manually: |
50 |
|
51 |
There isn't yet a version available at the time that fix these bugs. Patches |
52 |
can be found at the bugreports in the details section of this anouncement. |
53 |
|
54 |
- -------------------------------------------------------------------------- |
55 |
Ferry Meyndert |
56 |
m0rpheus@×××××××××××××.nu |
57 |
- -------------------------------------------------------------------------- |