rsync security advisory

Paul Slootman paul at
Thu Dec 4 21:34:44 EST 2003

On Thu 04 Dec 2003, Martin Pool wrote:
>  - rsync version 2.5.6 contains a heap overflow vulnerability that can
>    be used to remotely run arbitrary code.

Is this specific to 2.5.6, or are earlier versions also vulnerable?
Important detail, as it makes the difference between needing to upgrade
older rsync's as well, or only those that are 2.5.6...  As Debian
provides security patches for the stable release (which contains rsync
2.5.5), I'm wondering whether an update for that is necessary.

Paul Slootman
