Rsync 3.0.2 released w/xattr security fix (attn: 2.6.9 onward)
Wayne Davison
wayned at samba.org
Tue Apr 8 16:53:08 GMT 2008
I have released rsync 3.0.2. This is a security release to fix a
potential buffer overflow in the extended attribute support. For
more details, see the rsync security advisory page:
http://rsync.samba.org/security.html
There is a patch there that can be applied to 2.6.9 (if you were using
the xattrs.patch), 3.0.0, or 3.0.1.
Those running a writable rsync daemon can opt to refuse the "xattrs"
option in their daemon config to avoid the problem without an upgrade.
I would like to thank Sebastian Krahmer for bringing this bug to my
attention.
To see the brief summary of the changes since 3.0.1, visit this link:
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2-NEWS
You can download the source tar file and its signature from here:
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2.tar.gz
http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2.tar.gz.asc
..wayne..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/rsync/attachments/20080408/99045d45/attachment.bin
More information about the rsync
mailing list