SciLinux: CVE-2011-1097 Moderate Rsync Memory Corruption

Mar 29, 2011 •

LinuxSecurity Advisories

1 min read

Scientific Large Esm H500

Topics Covered

security advisory moderate security update memory corruption rsync scientific linux

Moderate: rsync security update

Date: Tue, 29 Mar 2011 17:16:24 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux

From: Connie Sieh 
Subject: Security ERRATA Moderate: rsync on SL6.x i386/x86_64
Comments: To: scientific 
MIME-Version: 1.0

This ERRATA for SL 6.x i386/x86_64 is now available from:

Synopsis: Moderate: rsync security update
Issue date: 2011-03-29
CVE Names: CVE-2011-1097

A memory corruption flaw was found in the way the rsync client processed
malformed file list data. If an rsync client used the "--recursive" and
"--delete" options without the "--owner" option when connecting to a
malicious rsync server, the malicious server could cause rsync on the
client system to crash or, possibly, execute arbitrary code with the
privileges of the user running rsync. (CVE-2011-1097)

We would like to thank Wayne Davison and Matt McCutchen for reporting
this issue.

--------------------------------------------------------------------------

SL 6.x

SRPMS:

 	rsync-3.0.6-5.el6_0.1.src.rpm

i386:

 	rsync-3.0.6-5.el6_0.1.i686.rpm

x86_64:

 	rsync-3.0.6-5.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here