===========================================================================
Security Advisory #2004-020

Package Name:      rsync
Summary:           Exposure of System Information
Advisory ID:       TSSA-2004-020-ES
Date:              2004-08-16
Affected Products: tinysofa enterprise server 2.0
===========================================================================

Description
-----------

rsync [0] is a program for synchronizing files over a network.

A vulnerability [1] has been reported in rsync, which potentially can be
exploited by malicious users to read or write arbitrary files on a
vulnerable system.

The vulnerability is caused due to an input validation error within the
"sanitize_path()" function of the "util.c" file.

Successful exploitation requires that the rsync daemon isn't running
chrooted.

The vulnerability affects version 2.6.2 and prior.

Resolution
----------

The rsync package has been updated to address this vulnerability.

References
----------

[0] http://samba.org/rsync/
[1] http://samba.org/rsync/#security_aug04

Recommended Action
==================

We recommend that all systems with these packages installed be upgraded.

Location
========

All tinysofa updates are available from
<URI:http://http.tinysofa.org/pub/tinysofa/updates/>
<URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>

Automatic Updates
=================

Users of the APT tool can enjoy having updates automatically installed
using 'apt-get upgrade'.

Questions?
==========

Check out our mailing lists:
<URI:http://www.tinysofa.org/communicate/>

Verification
============

This advisory is signed with the tinysofa security sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:
<URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

The advisory is available from the tinysofa errata database at
<URI:http://www.tinysofa.org/support/errata/>
or directly at
<URI:http://www.tinysofa.org/support/errata/2004/020.html>

Updated Packages
================

SRPMS
-----

606db14378c661b0b5ce1bbb3cd87d52  rsync-2.6.2-2ts.src.rpm

i386
----

7d8ea97c366ae496d266b168c9c172ca  rsync-2.6.2-2ts.i386.rpm

--
tinysofa Security Team
<security at tinysofa dot org>
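
The Description states that exploitation requires the rsync daemon not to be running chrooted. The following is an added example, not part of the tinysofa advisory or the rsync project: it lists the modules in an rsyncd.conf whose effective "use chroot" setting is false, so they can be prioritised for the upgrade. It assumes standard rsyncd.conf semantics ("use chroot" defaults to true, global parameters precede the first module); the sample configuration and function names are constructed for illustration.

```python
# Added example: list rsyncd.conf modules that do not run chrooted.
# Assumptions: "use chroot" defaults to true, global settings come before
# the first [module], parameter names ignore case and whitespace.
# Backslash line continuations are not handled.

FALSE_VALUES = {"no", "false", "0"}

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# global section
use chroot = yes
[pub]
    path = /srv/pub
[upload]
    path = /srv/upload
    Use Chroot = no
[mirror]
    path = /srv/mirror
    usechroot = false
"""

def _norm(name):
    """Normalise a parameter name: drop all whitespace, lowercase."""
    return "".join(name.split()).lower()

def unchrooted_modules(conf_text):
    """Return names of modules whose effective 'use chroot' is false."""
    global_chroot = True   # rsyncd default when the parameter is absent
    modules = {}           # module name -> True/False, or None to inherit
    current = None         # None while still in the global section
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = None
            continue
        name, sep, value = line.partition("=")
        if not sep or _norm(name) != "usechroot":
            continue
        enabled = value.strip().lower() not in FALSE_VALUES
        if current is None:
            global_chroot = enabled
        else:
            modules[current] = enabled
    return [m for m, v in modules.items()
            if not (global_chroot if v is None else v)]

if __name__ == "__main__":
    print(unchrooted_modules(SAMPLE_CONF))
```

To check a real host, pass the contents of its rsyncd.conf to unchrooted_modules(); an empty list means every module runs chrooted.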