Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
This is fixed in 2.6.8 which is already in the tree but the advisory is not public yet. Arch Security Liaisons please test and mark stable.
x86 all done :)
ppc stable
stable on ppc64
amd64 stable.
sparc stable.
hppa stable
Stable on alpha + ia64.
jaervosz: this is already stable on ppc64. Or do I miss an argument why you CC'd us again? Please re-add, if I misunderstand this...
Ready for GLSA. For the drafter: << The vulnerable function is only present when the rsync binary was compiled with the configuration option --enable-xattr-support. This is enabled by default on Fedora Core 5. Furthermore, for the rsync server daemon to be exploited, an attacker must have write access to a module on the server. This is due to the vulnerable code being called only from the recv_file_list() function, which is used when receiving files from the connected peer. >> USE=acl triggers the --enable-xattr-support for Gentoo.
rsync has only ~ppc-macos keywords (no stable keyword for any version). In package.mask. Not stabling.
GLSA 200605-05. arm, mips, s390: don't forget to mark stable to benefit from the GLSA.
Stable on mips.