-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Fedora Test Update Notification FEDORA-2004-1569 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1569 2004-05-31 - --------------------------------------------------------------------- Name : rsync Version 7.3 : 2.5.7-1.legacy.7x Version 9 : 2.5.7-1.legacy.9 Summary : A program for synchronizing files over a network. Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. - --------------------------------------------------------------------- Update Information: CAN-2004-0426: rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allows remote attackers to write files outside of the module's path. - --------------------------------------------------------------------- Changelog: 7.3: * Wed May 05 2004 Seth Vidal <skvidal@xxxxxxxxxxxx> 2.5.7-1.legacy.7x - - apply sanitize path's patch for: - - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0426 - - Fix for segfault when RSYNC_PROXY port part is too long 9: * Tue May 04 2004 Rok Papez <rok.papez@xxxxxxxx> 2.5.7-1.legacy.9 - - Fix for segfault when RSYNC_PROXY port part is too long - - Fix for CAN-2004-0426: not properly sanitizing paths - --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/redhat/ d4d63c594b993ec4194b2b1145abe71348e984e8 7.3/updates-testing/SRPMS/rsync-2.5.7-1.legacy.7x.src.rpm c7960f3fdf5a053c459ee063651470fa95a5dc00 7.3/updates-testing/i386/rsync-2.5.7-1.legacy.7x.i386.rpm 36ab488484efbb6a6c7e03b06b6cc3f9810bdcae 9/updates-testing/SRPMS/rsync-2.5.7-1.legacy.9.src.rpm 341b5116c4a761b212d00a15e5262a6dc6ca17e3 9/updates-testing/i386/rsync-2.5.7-1.legacy.9.i386.rpm Please note that this update is also available via yum and apt through the updates-testing channel. Many people find this an easier way to apply updates. - --------------------------------------------------------------------- - -- Jesse Keating RHCE (http://geek.j2solutions.net) Fedora Legacy Team (http://www.fedoralegacy.org) GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAu6FX4v2HLvE71NURApEVAJ41WnakDFtXtHpFT1gu1c3VH6hl4ACeKYsX 0uPUJghzTzpdTYATxMegNhs= =bRou -----END PGP SIGNATURE----- -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
