[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SUSE Security Announcement: kdelibs (SuSE-SA:2004:014)



Kastus wrote on Thu Jun 03 2004 - 19:44:15 CEST:
>
> On Wed, May 26, 2004 at 01:41:23PM +0200, Sebastian Krahmer wrote:
>> 
>> 2)  Pending vulnerabilities in SUSE Distributions and Workarounds:
>> 
>>     - rsync
>>     rsync prior to version 2.6.1 does not properly sanitize paths
>>     when running as read/write daemon without chroot.
>>     New update packages are available on our ftp servers 
>>     which fix this problem.
>> 
>
> This is about rsync-2.6.2-8.2, right?
>
> I've updated using YOU 
> and now am not able to rsync large directories:
>
>        rsync -av --delete /home/* /home.backup/
>        building file list ... done
>        rsync: connection unexpectedly closed (8 bytes read so far)
>        rsync error: error in rsync protocol data stream (code 12) 
>        at io.c(342)
>
> The version shipped with 9.1 works just fine with the same directories.
>
> Was this update rushed in? Any fixes?
>
> Thanks, -Kastus
>
>-- 

Hi Kastus,

IIRC, both YOU and fou4s download the patch rpms
unless you tell them otherwise.

Have you tried the "unpatched" rsync-*.rpm
which is also available from the SuSE ftp servers ???

Might be worth a try.

Hope this helps,
Gar

--




__________________________________________________________________
Introducing the New Netscape Internet Service. 
Only $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need. 

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here