* [Sysadmins] JFYI: CVE-2008-1720 (rsync) seems not applicable to M40/M24
@ 2008-04-11 19:56 Michael Shigorin
0 siblings, 0 replies; only message in thread
From: Michael Shigorin @ 2008-04-11 19:56 UTC (permalink / raw)
To: sysadmins
[-- Attachment #1: Type: text/plain, Size: 507 bytes --]
Здравствуйте.
Насколько могу судить, CVE-2008-1720 (integer overflow in rsync,
remote code execution) не имеет отношения к сборкам rsync в
updates/Master/2.4 и updates/4.0.
Версия в M24 не пропатчена для _наличия_ данной уязвимости,
а версия в M40 собрана без соответствующей фичи.
Тем временем в Sisyphus наблюдается сборка 3.0.2, содержащая
как исправление проблемы, так и поддержку xattr.
--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2008-04-11 19:56 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-04-11 19:56 [Sysadmins] JFYI: CVE-2008-1720 (rsync) seems not applicable to M40/M24 Michael Shigorin
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git