[11437] in bugtraq
[SECURITY] New versions of rsync fixes security hole
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Aug 19 21:51:20 1999
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=2hMgfIw2X+zgXrFs; micalg=pgp-md5;
protocol="application/pgp-signature"
Message-Id: <"YFPk2B.A.1PH.Sdyu3"@murphy>
Date: Wed, 18 Aug 1999 17:12:45 -0700
Reply-To: security@debian.org
From: Aleph One <aleph1@UNDERGROUND.ORG>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
--2hMgfIw2X+zgXrFs
Content-Type: text/plain; charset=us-ascii
This is an old report from May 1999 but it wasn't reported on this
channel yet.
The author of rsync, Andrew Tridgell, has reported that former
versions of rsync contained a security-related bug. I you were
transferring an empty directory into a non-existent directory on a
remote host, permissions on the remote host may be mangled. This bug
may only happen in very rare cases. It's not likely that you have
experienced this, but you'd better check the permissions of your home
directories.
We recommend you upgrade your rsync package.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
--------------------------------
Source archives:
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1.diff.gz
MD5 checksum: f0c1e8a59d845f9e730077ab58d4b857
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1.dsc
MD5 checksum: 6a8e3606d4447a84402738c3dff56e16
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1.orig.tar.gz
MD5 checksum: 907a0ae01417d54e53cb84b069ba1620
Alpha architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1_alpha.deb
MD5 checksum: e85eb2f4314d9b24e3e1b5ee1b36b56c
Intel ia32 architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1_i386.deb
MD5 checksum: 1596e1746d1685a69972851b62eb66c1
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1_m68k.deb
MD5 checksum: 3f1b06222b8303c02e3d32419d47ec5d
Sun Sparc architecture:
ftp://ftp.debian.org/debian/dists/proposed-updates/rsync_2.3.1-0.slink.1_sparc.deb
MD5 checksum: 9ed41aadbcccff7f992b91b55f953aae
Debian GNU/Linux unstable alias potato
--------------------------------------
Source archives:
ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.1-2.diff.gz
MD5 checksum: 1db28be72470cd1eba256bf1f4f96686
ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.1-2.dsc
MD5 checksum: 8dc07ae51c471459024a3e9a86164b14
ftp://ftp.debian.org/debian/dists/unstable/main/source/net/rsync_2.3.1.orig.tar.gz
MD5 checksum: 907a0ae01417d54e53cb84b069ba1620
Alpha architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-alpha/net/rsync_2.3.1-2.deb
MD5 checksum: 5b0514225688bcd3a6cd1a496d6498d0
ARM architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-arm/net/rsync_2.3.1-2.deb
MD5 checksum: b10f673f474698d2cf335d47674ea84f
Intel ia32 architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-i386/net/rsync_2.3.1-2.deb
MD5 checksum: 57500b60f942023980ed0eba2a682ef1
Motorola 680x0 architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-m68k/net/rsync_2.3.1-2.deb
MD5 checksum: 71b76867cc3c572affb544c3729222c7
PowerPC architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-powerpc/net/rsync_2.3.1-2.deb
MD5 checksum: 4d5e5c1817ecfcd689748383484ee8ad
Sun Sparc architecture:
ftp://ftp.debian.org/debian/dists/unstable/main/binary-sparc/net/rsync_2.3.1-2.deb
MD5 checksum: 7fb6a6b76e3279d4d48344648cfea4ac
--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--2hMgfIw2X+zgXrFs
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBN7sm5BRNm5Suj3z1AQFEwAP/cqFlNhaf87ioqh1IT9dtoBIuWgAbzcyn
HM1vv6xls8a2pc4MwFO/f3GMswFQ0eq+4EmHdbhHQkq5bMucq7yzYSFIS3uAZFRJ
vvuLBQ7qSjTB0XUsjqcUngvJhox47Y+s6M4bZqumW/hLbTgB8IVzWXZT5tmWrhQI
ki9U3TpE5ng=
=i8Fw
-----END PGP SIGNATURE-----
--2hMgfIw2X+zgXrFs--
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
