[rsync-announce] Rsync 2.6.1 released (includes security note)
rsync-announce at lists.samba.org
rsync-announce at lists.samba.org
Tue Apr 27 05:01:56 GMT 2004
Rsync version 2.6.1 has been released. It is primarily a performance
release that requires less memory to run, makes fewer write calls to
the socket (lowering the system CPU time), does less string copying
(lowering the user CPU time), and also reduces the amount of data
that is transmitted over the wire. There have also been quite a few
bug fixes. See the release NEWS for the full details:
http://rsync.samba.org/ftp/rsync/rsync-2.6.1-NEWS
*Security Note*
There is a security fix included in 2.6.1 that affects only people
running a read/write daemon WITHOUT using chroot. If the user privs
that such an rsync daemon is using is anything above "nobody", you are
at risk of someone crafting an attack that could write a file outside
of the module's "path". Please either enable chroot or upgrade to
2.6.1. People not running a daemon, running a read-only daemon, or
running a chrooted daemon are totally unaffected.
Go to the download page to grab the new version:
http://rsync.samba.org/download.html
..wayne..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/rsync-announce/attachments/20040426/84fefa82/attachment.bin
More information about the rsync-announce
mailing list