Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· Nvidia GeForce GTX 1660 Ti Reviews and more
· NVIDIA 418.43 Linux Display Drivers released
· Windows 10 Insider Preview Build 18343 and Build 18841 released
· NVIDIA Geforce Game Ready Driver 419.17 WHQL
· Iscsi-initiator-utils Bug Fix Update for Oracle Linux 6
· Rssh Security Update for Debian 9
· Bind Security Update for Ubuntu Linux
· Build, Mosquitto, Nodejs6, GraphicsMagick Updates for openSUSE
· Adrenalin Software Edition 19.2.2 Driver Performance Analysis using the Red Devil RX 590 and more
· GNOME 3.32 Beta 2 released

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 4050 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 5789 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 7191 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 5706 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 7643 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » August 2007 » USN-500-1: rsync vulnerability

USN-500-1: rsync vulnerability

Posted by Bob on: 08/20/2007 11:45 PM [ Print | 0 comment(s) ]

A new rsync vulnerability update is available for Ubuntu Linux. Here the announcement:




Ubuntu Security Notice USN-500-1 August 20, 2007
rsync vulnerability
CVE-2007-4091
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
rsync 2.6.6-1ubuntu2.1

Ubuntu 6.10:
rsync 2.6.8-2ubuntu3.1

Ubuntu 7.04:
rsync 2.6.9-3ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Sebastian Krahmer discovered that rsync contained an off-by-one
miscalculation when handling certain file paths. By creating a specially
crafted tree of files and tricking an rsync server into processing them,
a remote attacker could write a single NULL to stack memory, possibly
leading to arbitrary code execution.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1.diff.gz
Size/MD5: 55161 6cd634cb545886794ed771279df893e9
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1.dsc
Size/MD5: 561 7324148228173c642ca48092b09321ca
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6.orig.ta=
r.gz
Size/MD5: 690066 30c4e2849cbeae93f55548453865c2f2

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1_amd64.deb
Size/MD5: 237356 3c9887ee275f3bd3a84589dc326f73f9

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1_i386.deb
Size/MD5: 219748 89dfc44e3c8a5f897b3146391189de51

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1_powerpc.deb
Size/MD5: 238266 3c8ffb7ddb73b7466e461bc9b3567792

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.6-1ubuntu=
2.1_sparc.deb
Size/MD5: 227912 b68f2d7df5958c60db8d928d82c807e4

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1.diff.gz
Size/MD5: 63808 646a700128fa9b8478d34792887c4276
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1.dsc
Size/MD5: 561 87b5f9f829775716738a588fe1449d0d
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8.orig.ta=
r.gz
Size/MD5: 772314 082a9dba1f741e6591e5cd748a1233de

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1_amd64.deb
Size/MD5: 260992 67a07bb1085ea883eef3b232c65e3b50

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1_i386.deb
Size/MD5: 248638 00b6f25e96fad7b0de2501ec3e8d2f6c

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1_powerpc.deb
Size/MD5: 264226 9b946b0454917f152a8ecda634082216

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.8-2ubuntu=
3.1_sparc.deb
Size/MD5: 255870 87c614c1185a065852479535a27c978e

Updated packages for Ubuntu 7.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1.diff.gz
Size/MD5: 38919 44b95b6f0725b0833e335d026005f7dd
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1.dsc
Size/MD5: 658 efdb8c45d0e7d0ec1190af90608b2e42
http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9.orig.ta=
r.gz
Size/MD5: 811841 996d8d8831dbca17910094e56dcb5942

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1_amd64.deb
Size/MD5: 275860 b6bb111fe5c03e7dab73800360ea0787

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1_i386.deb
Size/MD5: 261948 d4369b89eb66a7c806ccd10ae84e7d15

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1_powerpc.deb
Size/MD5: 282332 13e0995bce9e9808f881ce9c01be5965

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/r/rsync/rsync_2.6.9-3ubuntu=
1.1_sparc.deb
Size/MD5: 270036 e344c2522560161406eedbd7c111d584


--HcccYpVZDxQ8hzPO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGyhe4H/9LqRcGPm0RAh/dAJwL4d/mfbJcIW0UpNheeHO1iGit7wCfRFGy
pIlf+tpHR1Csr7woLSjMxrA=
=yw2f
-----END PGP SIGNATURE-----

« USN-499-1: Apache vulnerabilities · ATI Tray Tools 1.3.6.1047 »

Linux Compatible » News » August 2007 » USN-500-1: rsync vulnerability
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition