A security vulnerability in the rsync software package has been discovered and fixed. This open-source package is used for remote or local file synchronization. The vulnerability manifests as heap memory corruption when the "--recursive" and "--delete" options are used without the "--owner" option while connecting to a malicious rsync server. Remote attackers can exploit it to cause a denial of service (DoS) and to execute arbitrary code. All users are advised to apply the available update.
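To find jobs that should be prioritised for the update, the following added example (not part of the advisory or of rsync) checks an rsync command line for the option combination described above: recursion and deletion enabled with owner preservation off. The function names, the subset of value-taking short options, and the treatment of `--delete-*` variants as equivalent to `--delete` are assumptions of this sketch.

```python
import os
import shlex

# Short options that consume a value (subset of rsync(1), not exhaustive);
# the rest of a cluster after one of these is its value, not more flags.
TAKES_VALUE = set("efBT")

def option_state(cmdline):
    """Return (recursive, delete, owner) for one rsync command line."""
    tokens = shlex.split(cmdline)
    start = next((i for i, t in enumerate(tokens)
                  if os.path.basename(t) == "rsync"), None)
    if start is None:
        return None  # not an rsync invocation
    recursive = delete = owner = False
    for tok in tokens[start + 1:]:
        if tok == "--":
            break  # end of options
        if tok.startswith("--"):
            name = tok[2:].split("=", 1)[0]
            if name == "recursive":
                recursive = True
            elif name == "archive":      # -a is shorthand for -rlptgoD
                recursive = owner = True
            elif name == "owner":
                owner = True
            elif name in ("no-owner", "no-o"):
                owner = False            # later options override earlier ones
            elif name in ("delete", "del") or name.startswith("delete-"):
                delete = True            # assumption: variants count as --delete
        elif tok.startswith("-") and len(tok) > 1:
            for ch in tok[1:]:
                if ch in TAKES_VALUE:
                    break                # remainder of the cluster is a value
                if ch == "r":
                    recursive = True
                elif ch == "a":
                    recursive = owner = True
                elif ch == "o":
                    owner = True
    return recursive, delete, owner

def matches_advisory(cmdline):
    """True when recursion and deletion are on and owner preservation is off."""
    state = option_state(cmdline)
    return bool(state is not None and state[0] and state[1] and not state[2])

if __name__ == "__main__":
    # Constructed sample command line (hypothetical mirror host).
    print(matches_advisory("rsync -rv --delete rsync://mirror.example/pub/ /srv/mirror/"))
```

A match only means the job uses the affected option combination; whether the remote server is trustworthy has to be judged separately, and updating rsync is the fix either way.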

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-4389
2011-03-30 02:22:26
--------------------------------------------------------------------------------

Name        : rsync
Product     : Fedora 15
Version     : 3.0.8
Release     : 1.fc15
URL         : http://rsync.samba.org/
Summary     : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

--------------------------------------------------------------------------------
Update Information:

Rebase to 3.0.8
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #675036 - CVE-2011-1097 rsync: Incremental file-list corruption due
to temporary file_extra_cnt increments
        https://bugzilla.redhat.com/show_bug.cgi?id=675036
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update rsync' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
