[rsync-announce] rsync 2.6.6pre1 released (ALERT: info on zlib



Posted 07-08-2005 by rsync-announce@lists.samba.org


There has been some talk about a zlib security problem that could let
someone overflow the buffers in the zlib decompression code, potentially
allowing someone to craft an exploit to execute arbitrary code. Since
this is a decompression bug, this can only affect an rsync daemon if
it allows uploads with the --compress option enabled.

If you run a daemon that allows uploads, you may wish to add this line
to your rsyncd.conf file:

refuse options = compress

(If you already refuse other options, add "compress" after a space to
that line instead of adding a new line.)

I have just finished updating the zlib code in CVS to version 1.2.2 plus
a security patch that fixes this latest exploit. The other changes in
CVS are all worthwhile fixes, so I have decided to release the current
CVS version as 2.6.6pre1 -- the first pre-release of version 2.6.6.

You can read about all the changes between 2.6.5 and 2.6.6pre1 here:

http://rsync.samba.org/ftp/rsync/preview/NEWS

You can grab the source tar and its signature here:

http://rsync.samba.org/ftp/rsync/pre...6.6pre1.tar.gz
http://rsync.samba.org/ftp/rsync/pre...re1.tar.gz.asc

If you exercise the compression code of this pre-release version of
rsync, please drop me a line and let me know. Thanks!

...wayne..
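
An added example, not part of the original announcement and not rsync project code: this Python script audits an rsyncd.conf for modules that accept uploads without refusing the compress option, as the message recommends. The sample config and the function names are constructed for illustration; line continuations and wildcard patterns in "refuse options" are not handled.

```python
import re

# Constructed sample rsyncd.conf (not from the original post).
SAMPLE_CONF = """\
# global section: defaults for every module
refuse options = delete
[pub]
    path = /srv/pub
    read only = yes
[incoming]
    path = /srv/incoming
    read only = no
[backup]
    path = /srv/backup
    read only = false
    refuse options = delete compress
"""

def parse(text):
    """Return (global_params, {module: params}) from rsyncd.conf text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                 # start of a module section
            current = modules.setdefault(m.group(1).strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()   # names ignore case and whitespace
            (globals_ if current is None else current)[key] = value.strip()
    return globals_, modules

def modules_missing_compress_refusal(text):
    """Modules that accept uploads but do not refuse --compress."""
    globals_, modules = parse(text)
    flagged = []
    for name, params in modules.items():
        eff = {**globals_, **params}   # module value overrides the global default
        # "read only" defaults to yes, so uploads need an explicit false value
        writable = eff.get("readonly", "yes").lower() in {"no", "false", "0"}
        # exact-name match only: a wildcard pattern is reported, which is the safe side
        refused = eff.get("refuseoptions", "").split()
        if writable and "compress" not in refused:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(modules_missing_compress_refusal(SAMPLE_CONF))
```

On the sample, only the incoming module is reported: it is writable and inherits a global "refuse options" line that lacks compress.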
