Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2008:084

Package name: rsync
Date: 2008-04-11
Advisory ID: MDVSA-2008:084
Affected versions: CS4.0 i586 , 2008.1 x86_64 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , 2008.0 x86_64 , CS3.0 i586 , 2008.0 i586 , 2008.1 i586 , CS4.0 x86_64 , 2007.1 x86_64

Problem description

Sebastian Krahmer of SUSE discovered that rsync could overflow when
handling ACLs. An attakcer could construct a malicious set of files
that, when processed, could lead to arbitrary code execution or a crash
(CVE-2008-1720).

The updated packages have been patched to correct this issue.

Updated packages

CS4.0 i586

 436bcca45d69c4ad6bd662c9554b21b3  corporate/4.0/i586/rsync-2.6.9-4.2.20060mlcs4.i586.rpm 
 59a9aacffd74793315403ea016e4cd80  corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm

2008.1 x86_64

 de82c38e7c764990cd8cec60907af8d0  2008.1/x86_64/rsync-3.0.2-0.1mdv2008.1.x86_64.rpm 
 4d6d3d0908bd35a4151e9c05b848affc  2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm

2007.0 x86_64

 6c40f172781c4b6e8e29afea66eceda5  2007.0/x86_64/rsync-2.6.9-5.2mdv2007.0.x86_64.rpm 
 da32538186f22095454d5fd905c43f18  2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

2007.1 i586

 c9ca16a3e8d078ff91544bed44adf29a  2007.1/i586/rsync-2.6.9-5.2mdv2007.1.i586.rpm 
 e2fd457f3d5b29d2e0ff2e90103edf52  2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm

2007.0 i586

 015dee0e8b724a60a702aac81194128b  2007.0/i586/rsync-2.6.9-5.2mdv2007.0.i586.rpm 
 da32538186f22095454d5fd905c43f18  2007.0/SRPMS/rsync-2.6.9-5.2mdv2007.0.src.rpm

CS3.0 x86_64

 242602d0ff175c4ef6a36bcf0f2fc544  corporate/3.0/x86_64/rsync-2.6.9-4.2.C30mdk.x86_64.rpm 
 03e2cc506c2df32dcecddfc005aaefe9  corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm

2008.0 x86_64

 c1345a5a22eb0b15dc7975cb39ae75d3  2008.0/x86_64/rsync-2.6.9-5.2mdv2008.0.x86_64.rpm 
 9b325b104fc1b0252103c1fd7d92b64e  2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm

CS3.0 i586

 0ec10ce483edb010b3fa914de3a249d5  corporate/3.0/i586/rsync-2.6.9-4.2.C30mdk.i586.rpm 
 03e2cc506c2df32dcecddfc005aaefe9  corporate/3.0/SRPMS/rsync-2.6.9-4.2.C30mdk.src.rpm

2008.0 i586

 a94efaeca944875ae05ae4ed6258db87  2008.0/i586/rsync-2.6.9-5.2mdv2008.0.i586.rpm 
 9b325b104fc1b0252103c1fd7d92b64e  2008.0/SRPMS/rsync-2.6.9-5.2mdv2008.0.src.rpm

2008.1 i586

 303269d032057cf2188daa61c5a9514e  2008.1/i586/rsync-3.0.2-0.1mdv2008.1.i586.rpm 
 4d6d3d0908bd35a4151e9c05b848affc  2008.1/SRPMS/rsync-3.0.2-0.1mdv2008.1.src.rpm

CS4.0 x86_64

 105b47b006fc912edb42fc5ff170b89a  corporate/4.0/x86_64/rsync-2.6.9-4.2.20060mlcs4.x86_64.rpm 
 59a9aacffd74793315403ea016e4cd80  corporate/4.0/SRPMS/rsync-2.6.9-4.2.20060mlcs4.src.rpm

2007.1 x86_64

 04f27441429d634ac818987560a4c84b  2007.1/x86_64/rsync-2.6.9-5.2mdv2007.1.x86_64.rpm 
 e2fd457f3d5b29d2e0ff2e90103edf52  2007.1/SRPMS/rsync-2.6.9-5.2mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720