This is an old report from May 1999 but it wasn't reported on this
channel yet.

The author of rsync, Andrew Tridgell, has reported that former
versions of rsync contained a security-related bug.  I you were
transferring an empty directory into a non-existent directory on a
remote host, permissions on the remote host may be mangled.  This bug
may only happen in very rare cases.  It's not likely that you have
experienced this, but you'd better check the permissions of your home
directories.

We recommend you upgrade your rsync package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

  Source archives:

          MD5 checksum: f0c1e8a59d845f9e730077ab58d4b857
          MD5 checksum: 6a8e3606d4447a84402738c3dff56e16
          MD5 checksum: 907a0ae01417d54e53cb84b069ba1620

  Alpha architecture:

          MD5 checksum: e85eb2f4314d9b24e3e1b5ee1b36b56c

  Intel ia32 architecture:

          MD5 checksum: 1596e1746d1685a69972851b62eb66c1

  Motorola 680x0 architecture:

          MD5 checksum: 3f1b06222b8303c02e3d32419d47ec5d

  Sun Sparc architecture:

          MD5 checksum: 9ed41aadbcccff7f992b91b55f953aae


Debian GNU/Linux unstable alias potato
--------------------------------------

  Source archives:

    .
1-2.diff.gz
      MD5 checksum: 1db28be72470cd1eba256bf1f4f96686
    .1-2.dsc
      MD5 checksum: 8dc07ae51c471459024a3e9a86164b14
    .1
.orig.tar.gz
      MD5 checksum: 907a0ae01417d54e53cb84b069ba1620

  Alpha architecture:

          MD5 checksum: 5b0514225688bcd3a6cd1a496d6498d0

  ARM architecture:

          MD5 checksum: b10f673f474698d2cf335d47674ea84f

  Intel ia32 architecture:

          MD5 checksum: 57500b60f942023980ed0eba2a682ef1

  Motorola 680x0 architecture:

          MD5 checksum: 71b76867cc3c572affb544c3729222c7

  PowerPC architecture:

          MD5 checksum: 4d5e5c1817ecfcd689748383484ee8ad

  Sun Sparc architecture:

          MD5 checksum: 7fb6a6b76e3279d4d48344648cfea4ac

--
Debian GNU/Linux      .    Security Managers     .   security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .     Wichert Akkerman     .     Martin Schulze
   .     .

New versions of rsync fixes security hole

December 13, 1999
This is an old report from May 1999 but it wasn't reported on this channel yet.

Summary

We recommend you upgrade your rsync package.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

Debian GNU/Linux 2.1 alias slink
--------------------------------

Source archives:

MD5 checksum: f0c1e8a59d845f9e730077ab58d4b857
MD5 checksum: 6a8e3606d4447a84402738c3dff56e16
MD5 checksum: 907a0ae01417d54e53cb84b069ba1620

Alpha architecture:

MD5 checksum: e85eb2f4314d9b24e3e1b5ee1b36b56c

Intel ia32 architecture:

MD5 checksum: 1596e1746d1685a69972851b62eb66c1

Motorola 680x0 architecture:

MD5 checksum: 3f1b06222b8303c02e3d32419d47ec5d

Sun Sparc architecture:

MD5 checksum: 9ed41aadbcccff7f992b91b55f953aae


Debian GNU/Linux unstable alias potato
--------------------------------------

Source archives:

.
1-2.diff.gz
MD5 checksum: 1db28be72470cd1eba256bf1f4f96686
.1-2.dsc
MD5 checksum: 8dc07ae51c471459024a3e9a86164b14
.1
.orig.tar.gz
MD5 checksum: 907a0ae01417d54e53cb84b069ba1620

Alpha architecture:

MD5 checksum: 5b0514225688bcd3a6cd1a496d6498d0

ARM architecture:

MD5 checksum: b10f673f474698d2cf335d47674ea84f

Intel ia32 architecture:

MD5 checksum: 57500b60f942023980ed0eba2a682ef1

Motorola 680x0 architecture:

MD5 checksum: 71b76867cc3c572affb544c3729222c7

PowerPC architecture:

MD5 checksum: 4d5e5c1817ecfcd689748383484ee8ad

Sun Sparc architecture:

MD5 checksum: 7fb6a6b76e3279d4d48344648cfea4ac

--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
. .




Severity
The author of rsync, Andrew Tridgell, has reported that former
versions of rsync contained a security-related bug. I you were
transferring an empty directory into a non-existent directory on a
remote host, permissions on the remote host may be mangled. This bug
may only happen in very rare cases. It's not likely that you have
experienced this, but you'd better check the permissions of your home
directories.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up