You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa rsync

Sigurnosni nedostatak programskog paketa rsync

——————————————————————————–
Fedora Update Notification
FEDORA-2014-5315
2014-04-18 14:23:57
——————————————————————————–

Name : rsync
Product : Fedora 20
Version : 3.1.0
Release : 3.fc20
URL : http://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

——————————————————————————–
Update Information:

This update fixes CVE-2014-2855 and temporary reverts compilation with system provided zlib(BZ#1043965).
——————————————————————————–
ChangeLog:

* Wed Apr 16 2014 Michal Luscon <mluscon@redhat.com> – 3.1.0-3
– Fixed: CVE-2014-2855 – denial of service
– Reverted: compilation with system provided zlib
* Sun Oct 20 2013 Michal Lusocn <mluscon@redhat.com> – 3.1.0-2
– Update to latest upstream 3.1.0
– Fixed #1018520 – missing rsyncd@.service
——————————————————————————–
References:

[ 1 ] Bug #1087841 – CVE-2014-2855 rsync: CPU consumption denial of service when authenticating with a non-existent username
https://bugzilla.redhat.com/show_bug.cgi?id=1087841
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update rsync’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa jakarta-commons-fileupload

Otkriven je sigurnosni nedostatak u programskom paketu jakarta-commons-fileupload. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanjem usluge slanjem posebno oblikovanog...

Close