Date: Fri, 1 Feb 2002 13:36:31 -0500 From: The Anarcat <anarcat@anarcat.dyndns.org> To: Zvezdan Petkovic <zvezdan@CS.WM.EDU> Cc: security@FreeBSD.ORG Subject: Re: rsync core dumping? Message-ID: <20020201183631.GG324@shall.anarcat.dyndns.org> In-Reply-To: <20020201125322.A19287@corona.cs.wm.edu> References: <20020201080635.H14011-100000@localhost> <20020201125322.A19287@corona.cs.wm.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hi. An advisory is underway for the rsync port. The 2.5.1_1 is not vulnerable to the problem described in http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-009.php 2.5.2 also contains the fix. A, On Fri Feb 01, 2002 at 12:53:22PM -0500, Zvezdan Petkovic wrote: > On Fri, Feb 01, 2002 at 08:13:24AM -0800, Brian Behlendorf wrote: > > > > So there've been numerous bulletins to bugtraq, etc. about remote > > vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific > > announcements, however the hole appeared to be pretty generic, so I > > upgraded anyways to the current version in /usr/ports, 2.5.2. Since the > > vulnerability announcements, and both before *and* after my upgrade, I've > > been seeing core dumps from the two public rsync servers I run for > > apache.org. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: Pour information voir http://www.gnupg.org iEYEARECAAYFAjxa4C4ACgkQttcWHAnWiGc6lQCfV2v1n22plkXggB8gi92iD6wf 9VoAn000J0xl3A/7NBChFCIvFLXQ5ziK =56p9 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020201183631.GG324>