New versions of rsync fixes security hole

    Date13 Dec 1999
    CategoryDebian
    3218
    Posted ByLinuxSecurity Advisories
    This is an old report from May 1999 but it wasn't reported on this channel yet.
    This is an old report from May 1999 but it wasn't reported on this
    channel yet.
    
    The author of rsync, Andrew Tridgell, has reported that former
    versions of rsync contained a security-related bug.  I you were
    transferring an empty directory into a non-existent directory on a
    remote host, permissions on the remote host may be mangled.  This bug
    may only happen in very rare cases.  It's not likely that you have
    experienced this, but you'd better check the permissions of your home
    directories.
    
    We recommend you upgrade your rsync package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    --------------------------------
    
      Source archives:
    
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1-0.slink.1.diff.gz
          MD5 checksum: f0c1e8a59d845f9e730077ab58d4b857
        ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-
    0.slink.1.dsc
          MD5 checksum: 6a8e3606d4447a84402738c3dff56e16
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1.orig.tar.gz
          MD5 checksum: 907a0ae01417d54e53cb84b069ba1620
    
      Alpha architecture:
    
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1-0.slink.1_alpha.deb
          MD5 checksum: e85eb2f4314d9b24e3e1b5ee1b36b56c
    
      Intel ia32 architecture:
    
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1-0.slink.1_i386.deb
          MD5 checksum: 1596e1746d1685a69972851b62eb66c1
    
      Motorola 680x0 architecture:
    
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1-0.slink.1_m68k.deb
          MD5 checksum: 3f1b06222b8303c02e3d32419d47ec5d
    
      Sun Sparc architecture:
    
        ftp://ftp.debian.org/debian/dists/proposed-
    updates/rsync_2.3.1-0.slink.1_sparc.deb
          MD5 checksum: 9ed41aadbcccff7f992b91b55f953aae
    
    
    Debian GNU/Linux unstable alias potato
    --------------------------------------
    
      Source archives:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.
    1-2.diff.gz
          MD5 checksum: 1db28be72470cd1eba256bf1f4f96686
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.1-
    2.dsc
          MD5 checksum: 8dc07ae51c471459024a3e9a86164b14
        ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.1
    .orig.tar.gz
          MD5 checksum: 907a0ae01417d54e53cb84b069ba1620
    
      Alpha architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    alpha/net/rsync_2.3.1-2.deb
          MD5 checksum: 5b0514225688bcd3a6cd1a496d6498d0
    
      ARM architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    arm/net/rsync_2.3.1-2.deb
          MD5 checksum: b10f673f474698d2cf335d47674ea84f
    
      Intel ia32 architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    i386/net/rsync_2.3.1-2.deb
          MD5 checksum: 57500b60f942023980ed0eba2a682ef1
    
      Motorola 680x0 architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    m68k/net/rsync_2.3.1-2.deb
          MD5 checksum: 71b76867cc3c572affb544c3729222c7
    
      PowerPC architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    powerpc/net/rsync_2.3.1-2.deb
          MD5 checksum: 4d5e5c1817ecfcd689748383484ee8ad
    
      Sun Sparc architecture:
    
        ftp://ftp.debian.org/debian/dists/unstable/main/binary-
    sparc/net/rsync_2.3.1-2.deb
          MD5 checksum: 7fb6a6b76e3279d4d48344648cfea4ac
    
    --
    Debian GNU/Linux      .    Security Managers     .   This email address is being protected from spambots. You need JavaScript enabled to view it.
                  This email address is being protected from spambots. You need JavaScript enabled to view it.
      Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
       .     .   
    
    

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.