Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908
http://c-skills.blogspot.com/2007/08/cve-2007-4091.html
Patch available, applies to 2.6.9-r3: http://www.suse.de/%7Ekrahmer/rsync-2.6.9-fname-obo.diff
Tested the patch applied to 2.6.9-r2, seems to be working fine on the rsync-Mirror I maintain.
Thanks for the report, Tobias. base-system, please bump as necessary.
*** Bug 189694 has been marked as a duplicate of this bug. ***
Patch added to -r3
Arches please test and mark stable. Target keywords are: rsync-2.6.9-r3.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
already stable for ppc
sparc stable.
x86 done
amd64 stable
Stable for HPPA.
alpha/ia64 stable
ppc64 stable
All security supported arches done, changing status to [glsa], security your part.
glsa request filed, which makes the 20th draft waiting in the pool... *sigh*
200709-13 ... be patient :)