rsync security advisory
paul at debian.org
Thu Dec 4 21:34:44 EST 2003
On Thu 04 Dec 2003, Martin Pool wrote:
> - rsync version 2.5.6 contains a heap overflow vulnerability that can
> be used to remotely run arbitrary code.
Is this specific to 2.5.6, or are earlier versions also vulnerable?
Important detail, as it makes the difference between needing to upgrade
older rsyncs as well, or only those that are 2.5.6... As Debian
provides security patches for the stable release (which contains rsync
2.5.5), I'm wondering whether an update for that is necessary.