[Frugalware-security] [ FSA-279 ] rsync

vmiklos noreply at frugalware.org
Sun Sep 23 14:00:11 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-279

Date: 2007-09-23
Package: rsync
Vulnerable versions: <= 2.6.9-1
Unaffected versions: >= 2.6.9-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2371
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091

Description
===========

Sebastian Krahmer has reported a vulnerability in rsync, which can potentially be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an off-by-one error within the &quot;f_name()&quot; function in flist.c and can be exploited to cause a one-byte stack-based buffer overflow via an overly long directory name.

Updated Packages
================

Check if you have rsync installed:

	# pacman-g2 -Q rsync

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy rsync

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFG9lVLZ7NElSD1VhkRApcMAJ9boQ+Jrr5UUh2kI1J73yUVfH9AOwCaA82C
gLQPiudO4aBpwdsKqJ5po1g=
=Iy2Z
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list