CVE-2011-1097
Published: 30 March 2011
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.
Notes
| Author | Note |
|---|---|
| mdeslaur | 3.0.0 and higher, so dapper and hardy are't affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
rsync Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(2.6.6-1ubuntu2.1)
|
| hardy |
Not vulnerable
(2.6.9-6ubuntu2)
|
|
| karmic |
Released
(3.0.6-1ubuntu1.1)
|
|
| lucid |
Released
(3.0.7-1ubuntu1.1)
|
|
| maverick |
Released
(3.0.7-2ubuntu1.1)
|
|
| upstream |
Released
(3.0.8)
|
|
|
Patches: upstream: http://gitweb.samba.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239 |
||