Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora Core: FEDORA-2004-269 Moderate: Rsync Path Sanitization Issue

fedora
Calendar Grey August 20, 2004
Dist Fedora Esm H88
An updated security fix for rsync addresses a critical path handling flaw in Fedora Core, particularly affecting its daemon execution mode.
This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot.

Summary

Rsync uses a reliable algorithm to bring remote and host files into

sync very quickly. Rsync is fast because it just sends the differences

in the files over the network instead of sending the complete

files. Rsync is often used as a very powerful mirroring process or

just as a more capable replacement for the rcp command. A technical

report which describes the rsync algorithm is included in this

package.

Rsync uses a reliable algorithm to bring remote and host files into

sync very quickly. Rsync is fast because it just sends the differences

in the files over the network instead of sending the complete

files. Rsync is often used as a very powerful mirroring process or

just as a more capable replacement for the rcp command. A technical

report which describes the rsync algorithm is included in this

package.

Update Information:

This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot.

For more information see rsync

* Thu Aug 19 2004 Jay Fenlason <fenlason@redhat.com> 2.6.2-1.fc2.0

- Backport fix for CAN-2004-0792


This update can be downloaded from:


d6ae9d1c6e5d18903911e1fdedd55a03 SRPMS/rsync-2.6.2-1.fc2.0.src.rpm f03bc05659c874cb39d4bab606dfaabf x86_64/rsync-2.6.2-1.fc2.0.x86_64.rpm 97f2ed68e7b3f7e0c5888b0aa8cd2088 x86_64/debug/rsync-debuginfo-2.6.2-1.fc2.0.x86_64.rpm 1dd097feb524de781f6ae9ecf74bcc3d i386/rsync-2.6.2-1.fc2.0.i386.rpm 38590683c5bca0a599fbc70a971c6b7e i386/debug/rsync-debuginfo-2.6.2-1.fc2.0.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

Fedora Update Notification FEDORA-2004-268 2004-08-19

Product : Fedora Core 1...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security fix Fedora Core rsync path sanitization daemon mode

Change Log

References

CORE 2: Fedora Update Notification FEDORA-2004-269 2004-08-19 Product : Fedora Core 2 Name : rsync Version : 2.6.2 Release : 1.fc2.0 Summary : A program for synchronizing files over a network. Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package.

Update Instructions

Product: Fedora Core 2
Name: rsync
Version: 2.6.2
Release: 1.fc2.0
Summary: A program for synchronizing files over a network.
Product: Fedora Core 1
Name: rsync
Version: 2.5.7
Release: 5.fc1.1
Summary: A program for synchronizing files over a network.

Topics%20covered

Topics Covered

security advisory moderate security fix Fedora Core rsync path sanitization daemon mode

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here