Your submission was sent successfully! Close

CVE-2011-1097

Published: 30 March 2011

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

Notes

AuthorNote
mdeslaur
3.0.0 and higher, so dapper and hardy are't affected
Priority

Medium

Status

Package Release Status
rsync
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(2.6.6-1ubuntu2.1)
hardy Not vulnerable
(2.6.9-6ubuntu2)
karmic
Released (3.0.6-1ubuntu1.1)
lucid
Released (3.0.7-1ubuntu1.1)
maverick
Released (3.0.7-2ubuntu1.1)
upstream
Released (3.0.8)
Patches:
upstream: http://gitweb.samba.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239