rsync  

Re: rsync security advisory

Paul Slootman
Thu, 04 Dec 2003 03:39:24 -0800

On Thu 04 Dec 2003, Martin Pool wrote:
> 
>  - rsync version 2.5.6 contains a heap overflow vulnerability that can
>    be used to remotely run arbitrary code.

Is this specific to 2.5.6, or are earlier versions also vulnerable?
Important detail, as it makes the difference between needing to upgrade
older rsyncs as well, or only those that are 2.5.6...  As Debian
provides security patches for the stable release (which contains rsync
2.5.5), I'm wondering whether an update for that is necessary.


Paul Slootman