Slackware 9.1 Security Update: 2004-125-02 Critical Rsync Escalation Risk
slackware
May 3, 2004
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue
Summary
Here are the details from the Slackware 9.1 ChangeLog: Sun May 2 17:16:41 PDT 2004 patches/packages/rsync-2.6.2-i486-1.tgz: Upgraded to rsync-2.6.2. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, allowing remote attackers to write files outside of the module's path. For more details, see: https://www.cve.org/CVERecord?id=CVE-CAN-2004-0426 (* Security fix *)
Topics Covered
Where Find New Packages
Updated package for Slackware 8.1:
Updated package for Slackware 9.0:
Updated package for Slackware 9.1:
Updated package for Slackware -current:
MD5 Signatures
Slackware 8.1 package:
f7702e872e7816dcb6f9b0ba27c3fb61 rsync-2.6.2-i386-1.tgz
Slackware 9.0 package:
f6ec19791028f4b355bc16d454031204 rsync-2.6.2-i386-1.tgz
Slackware 9.1 package:
a42dc11056b37c7ddd94f71e4ce20c74 rsync-2.6.2-i486-1.tgz
Slackware -current package:
31eb4e17aea2a32a98d4576fab64ab8b rsync-2.6.2-i486-1.tgz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: If rsync is running as a server, shut it down first. Then, upgrade the packages as root: # upgradepkg rsync-2.6.2-i486-1.tgz Finally, restart the rsync server if needed.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!