Rsync 3.0.2 released w/xattr security fix (attn: 2.6.9 onward)

Robert DuToit rdutoit at comcast.net
Tue Apr 8 17:05:28 GMT 2008


On Apr 8, 2008, at 12:53 PM, Wayne Davison wrote:
> I have released rsync 3.0.2.  This is a security release to fix a
> potential buffer overflow in the extended attribute support.  For
> more details, see the rsync security advisory page:
>
>  http://rsync.samba.org/security.html
>
> There is a patch there that can be applied to 2.6.9 (if you were using
> the xattrs.patch), 3.0.0, or 3.0.1.

Thanks Wayne,
I only use the fileflags and crtimes patches. Can I just use them from  
the patch files directory released with 3.0.1, on 3.0.2?
  Rob


> Those running a writable rsync daemon can opt to refuse the "xattrs"
> option in their daemon config to avoid the problem without an upgrade.
>
> I would like to thank Sebastian Krahmer for bringing this bug to my
> attention.
>
> To see the brief summary of the changes since 3.0.1, visit this link:
>
>  http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2-NEWS
>
> You can download the source tar file and its signature from here:
>
>  http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2.tar.gz
>  http://rsync.samba.org/ftp/rsync/src/rsync-3.0.2.tar.gz.asc
>
> ..wayne..
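
The daemon-side mitigation mentioned in the announcement (refusing the "xattrs" option in the daemon config) can be audited with a short script that lists writable modules where that option is not refused. This is an added example, not part of the original thread or of rsync itself; the sample config, module names and function names are constructed, and the parser is simplified (no includes or line continuations).

```python
import fnmatch

# Constructed sample rsyncd.conf for illustration; simplified parsing is an assumption.
SAMPLE_CONF = """\
refuse options = delete
[backup]
path = /srv/backup
read only = no
[mirror]
path = /srv/mirror
[upload]
path = /srv/upload
read only = false
refuse options = xattrs delete
[scratch]
path = /srv/scratch
read only = no
refuse options = x*
"""

FALSE_VALUES = {"no", "false", "0"}

def parse_conf(text):
    """Return (globals, {module: params}) from rsyncd.conf-style text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            target = globals_ if current is None else current
            target[" ".join(key.lower().split())] = value.strip()
    return globals_, modules

def exposed_modules(text, option="xattrs"):
    """Writable modules whose effective 'refuse options' does not match option."""
    globals_, modules = parse_conf(text)
    findings = []
    for name, params in modules.items():
        eff = {**globals_, **params}      # a module setting overrides the global one
        writable = eff.get("read only", "yes").lower() in FALSE_VALUES
        refused = eff.get("refuse options", "").split()
        if writable and not any(fnmatch.fnmatchcase(option, p) for p in refused):
            findings.append(name)
    return findings
```

Calling `exposed_modules(SAMPLE_CONF)` on the constructed config reports only `backup`: it is writable and inherits a global refuse list that does not cover `xattrs`.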


