RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

Solution:
Sun have released a fix to address this issue in the Sun Cobalt RaQ XTR. The fix is linked below.

Sun have released fixes to address this issue in Sun Cobalt RaQ4 and Qube 3 products. Fixes are linked below.

Immunix has released an advisory and fixes to address this issue.

Mandrake has released an advisory that includes fixes to address this issue.

Red Hat Linux has released an advisory (FEDORA-2003-030) and fixes to address this issue in Fedora Core 1. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat Linux has released an advisory (RHSA-2003:399-06) to address this issue in Enterprise systems. Affected customers are advised to apply appropriate fixes from the Red Hat Network as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Red Hat Linux has released an advisory (RHSA-2003:398-01) and fixes to address this issue. Affected users are advised to apply appropriate fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo Linux has released an advisory (200312-03) to address this issue. Gentoo have advised that users upgrade to version 2.5.7 of rsync. Users can accomplish this by typing:
emerge sync;
emerge '>=net-misc/rsync-2.5.7'

EnGarde has released an advisory (ESA-20031204-032) with fixes to address this issue. Guardian Digital Secure Network subscribers may update affected packages using the WebTool. See referenced advisory for additional details.

Slackware has released Slackware Linux Security Advisory SSA:2003-337-01 with fixes to address this issue.

Advisory OpenPKG-SA-2003.051 has been released by The OpenPKG Project to address this issue.

Debian has released advisory DSA 404-1 to address this issue.

Trustix advisory #2003-0048 has been released with fixes for this issue. See references for additional details.

SuSE Security Announcement SuSE-SA:2003:050 has been released with fixes for this issue.

Conectiva has released an advisory and fixes to address this issue.

OpenBSD has made a fixed version available.

TurboLinux has released a security advisory to address this issue. Affected users are advised to execute the following commands:

# turbopkg

OR

For zabom-1.x

# zabom update rsync

For zabom-2.x

# zabom -u rsync

Additional TurboLinux information is available in the referenced advisory.

rsync version 2.5.7 has been released to resolve these issues.

SGI has released a security advisory 20031202-01-U with fixes for SGI ProPack v2.3 for the Altix family of systems. Please see the referenced advisory for more information.

Apple has released advisories to fix this issue in Apple Jaguar for Mac OS X 10.2.8 and Mac OS X Server 10.2.8 and Panther for Mac OS X 10.3.2 and Mac OS X Server 10.3.2. Please see referenced advisories for more details about obtaining fixes.

SCO has released advisory CSSA-2004-010.0 dealing with this issue. For more information please see the referenced advisory.


Slackware Linux -current

Sun Cobalt RaQ 4

Redhat rsync-2.5.5-4.i386.rpm

Redhat rsync-2.4.6-5.ia64.rpm

Sun Cobalt RaQ XTR

Redhat rsync-2.4.6-2.i386.rpm

Sun Cobalt Qube 3

Redhat rsync-2.5.5-1.i386.rpm

Redhat rsync-2.4.6-5.i386.rpm

Redhat rsync-2.5.4-2.i386.rpm

rsync rsync 2.3.1

rsync rsync 2.3.2

rsync rsync 2.4.0

rsync rsync 2.4.1

rsync rsync 2.4.3

rsync rsync 2.4.4

rsync rsync 2.4.5

rsync rsync 2.4.6

rsync rsync 2.4.8

rsync rsync 2.5.0

rsync rsync 2.5.1

rsync rsync 2.5.2

rsync rsync 2.5.3

rsync rsync 2.5.4

rsync rsync 2.5.5

rsync rsync 2.5.6

Slackware Linux 8.1

Slackware Linux 9.0

Slackware Linux 9.1


 

Copyright 2010, SecurityFocus