ports/59952: [security update] [non-maintainer] rsync -> 2.5.7
Simon Barner
barner at in.tum.de
Thu Dec 4 14:20:16 UTC 2003
>Number: 59952
>Category: ports
>Synopsis: [security update] [non-maintainer] rsync -> 2.5.7
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 04 06:20:12 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Simon Barner
>Release: FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon at zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386
>Description:
According to http://rsync.samba.org/, there is a remotely exploitable
heap overflow in the rsync daemon.
(This bug and a recent local Linux exploit were used to compromise one
of the Gentoo project's rsync servers!)
>How-To-Repeat:
N/A
>Fix:
Index: rsync/Makefile
===================================================================
RCS file: /home/ncvs/ports/net/rsync/Makefile,v
retrieving revision 1.86
diff -u -r1.86 Makefile
--- rsync/Makefile 16 Nov 2003 23:08:12 -0000 1.86
+++ rsync/Makefile 4 Dec 2003 14:05:35 -0000
@@ -7,8 +7,7 @@
#
PORTNAME= rsync
-PORTVERSION= 2.5.6
-PORTREVISION= 2
+PORTVERSION= 2.5.7
CATEGORIES= net ipv6
MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \
ftp://sunsite.auc.dk/pub/unix/rsync/ \
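Review bot: Nothing in this hunk shows that the port's own changes still apply to 2.5.7: the removed `PORTREVISION= 2` line indicates the port was revised twice on top of 2.5.6, yet the patch touches only Makefile and distinfo. Dropping PORTREVISION on a PORTVERSION bump is the correct reset, but because the submission is marked non-maintainer, the PR should state that the port's existing local patches (if any) apply cleanly and that the port builds and packages against 2.5.7.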
Index: rsync/distinfo
===================================================================
RCS file: /home/ncvs/ports/net/rsync/distinfo,v
retrieving revision 1.33
diff -u -r1.33 distinfo
--- rsync/distinfo 28 Jan 2003 16:50:01 -0000 1.33
+++ rsync/distinfo 4 Dec 2003 14:05:35 -0000
@@ -1 +1 @@
-MD5 (rsync-2.5.6.tar.gz) = ec39fcea433df4d6a3a4e0896c655535
+MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55
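Review bot: The replacement `MD5 (rsync-2.5.7.tar.gz)` line is the only integrity check on the new tarball, and the MASTER_SITES shown in the Makefile hunk are plain ftp mirrors, so the digest needs confirming against a source independent of the mirror it was computed from. Given that the description reports a compromised rsync server, the PR should say how the value was obtained, for example by comparing it with the checksum or signature published by upstream, before this is committed.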
>Release-Note:
>Audit-Trail:
>Unformatted: