Moderate: rsync security update
| Advisory: | RHSA-2011:0390-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2011-03-28 |
| Last updated on: | 2011-03-28 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6); Red Hat Enterprise Linux HPC Node (v. 6); Red Hat Enterprise Linux Server (v. 6); Red Hat Enterprise Linux Server EUS (v. 6.0.z); Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): | CVE-2011-1097 |
Details
An updated rsync package that fixes one security issue is now available for
Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
rsync is a program for synchronizing files over a network.
A memory corruption flaw was found in the way the rsync client processed
malformed file list data. If an rsync client used the "--recursive" and
"--delete" options without the "--owner" option when connecting to a
malicious rsync server, the malicious server could cause rsync on the
client system to crash or, possibly, execute arbitrary code with the
privileges of the user running rsync. (CVE-2011-1097)
Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting
this issue.
Users of rsync should upgrade to this updated package, which contains a
backported patch to resolve this issue.
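
Until the update is applied, existing cron jobs and scripts can be audited for the option combination described above. The following Python check is an added example, not part of the Red Hat advisory: it flags rsync command lines that enable recursion and deletion without owner preservation. The function name and the sample command lines (example.net hosts) are constructed for illustration, and it relies on rsync's documented behaviour that `-a` implies `-r` and `-o` and that a later option overrides an earlier one.

```python
import shlex

# Long options that switch deletion on in rsync 3.0.x.
DELETE_OPTS = {"--del", "--delete", "--delete-before", "--delete-during",
               "--delete-delay", "--delete-after", "--delete-excluded"}
# Option -> (recursive, owner) effect; None leaves the setting unchanged.
LONG = {"--archive": (True, True), "--recursive": (True, None),
        "--no-recursive": (False, None), "--no-r": (False, None),
        "--owner": (None, True), "--no-owner": (None, False),
        "--no-o": (None, False)}
SHORT = {"a": (True, True), "r": (True, None), "o": (None, True)}
# Short options that take a value; the rest of the cluster (or the next
# token) is that value, not more flags. Values of long options given as a
# separate token are not skipped (simplification for this example).
SHORT_WITH_ARG = set("efBT")

def risky_for_cve_2011_1097(cmdline):
    """True if the command uses recursion and deletion without owner."""
    tokens = shlex.split(cmdline)
    if not tokens or not tokens[0].endswith("rsync"):
        return False
    state = {"recursive": False, "owner": False}
    delete = skip_next = False

    def apply(effect):
        for key, value in zip(("recursive", "owner"), effect):
            if value is not None:
                state[key] = value  # later options override earlier ones

    for tok in tokens[1:]:
        if skip_next:
            skip_next = False
        elif tok.startswith("--"):
            name = tok.split("=", 1)[0]
            delete = delete or name in DELETE_OPTS
            apply(LONG.get(name, (None, None)))
        elif tok.startswith("-") and len(tok) > 1:
            for pos, ch in enumerate(tok[1:], start=1):
                if ch in SHORT_WITH_ARG:
                    skip_next = pos == len(tok) - 1
                    break
                apply(SHORT.get(ch, (None, None)))
    return state["recursive"] and delete and not state["owner"]

# Constructed sample command lines (hosts and paths are placeholders).
SAMPLES = ["rsync -rv --delete rsync://mirror.example.net/pub/ /srv/mirror/",
           "rsync -av --delete rsync://mirror.example.net/pub/ /srv/mirror/",
           "rsync -a --no-o --delete-after backup.example.net::data /data/",
           "rsync -rz -e ssh --delete --owner host.example.net:/src/ /dst/"]
```

A flagged command only matches the advisory's precondition; whether it is exposed still depends on the installed rsync package and on which server it connects to.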
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| Product | Architecture | Package | Note |
|---|---|---|---|
| Red Hat Enterprise Linux Desktop (v. 6) | SRPMS | rsync-3.0.6-5.el6_0.1.src.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Desktop (v. 6) | IA-32 | rsync-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Desktop (v. 6) | IA-32 | rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Desktop (v. 6) | x86_64 | rsync-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Desktop (v. 6) | x86_64 | rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux HPC Node (v. 6) | SRPMS | rsync-3.0.6-5.el6_0.1.src.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux HPC Node (v. 6) | x86_64 | rsync-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux HPC Node (v. 6) | x86_64 | rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | SRPMS | rsync-3.0.6-5.el6_0.1.src.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | IA-32 | rsync-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | IA-32 | rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | PPC | rsync-3.0.6-5.el6_0.1.ppc64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | PPC | rsync-debuginfo-3.0.6-5.el6_0.1.ppc64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | s390x | rsync-3.0.6-5.el6_0.1.s390x.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | s390x | rsync-debuginfo-3.0.6-5.el6_0.1.s390x.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | x86_64 | rsync-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server (v. 6) | x86_64 | rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | SRPMS | rsync-3.0.6-5.el6_0.1.src.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | IA-32 | rsync-3.0.6-5.el6_0.1.i686.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | IA-32 | rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | PPC | rsync-3.0.6-5.el6_0.1.ppc64.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | PPC | rsync-debuginfo-3.0.6-5.el6_0.1.ppc64.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | s390x | rsync-3.0.6-5.el6_0.1.s390x.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | s390x | rsync-debuginfo-3.0.6-5.el6_0.1.s390x.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | x86_64 | rsync-3.0.6-5.el6_0.1.x86_64.rpm | |
| Red Hat Enterprise Linux Server EUS (v. 6.0.z) | x86_64 | rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm | |
| Red Hat Enterprise Linux Workstation (v. 6) | SRPMS | rsync-3.0.6-5.el6_0.1.src.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Workstation (v. 6) | IA-32 | rsync-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Workstation (v. 6) | IA-32 | rsync-debuginfo-3.0.6-5.el6_0.1.i686.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Workstation (v. 6) | x86_64 | rsync-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |
| Red Hat Enterprise Linux Workstation (v. 6) | x86_64 | rsync-debuginfo-3.0.6-5.el6_0.1.x86_64.rpm | File outdated by: RHBA-2012:0473 |

(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
675036 - CVE-2011-1097 rsync: Incremental file-list corruption due to temporary file_extra_cnt increments
References
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/