Oval Definition: oval:com.redhat.rhsa:def:20110390
Revision Date: 2011-03-28
Version: 638
Title: RHSA-2011:0390: rsync security update (Moderate)
Description: rsync is a program for synchronizing files over a network.

  • A memory corruption flaw was found in the way the rsync client processed malformed file list data. If an rsync client used the "--recursive" and "--delete" options without the "--owner" option when connecting to a malicious rsync server, the malicious server could cause rsync on the client system to crash or, possibly, execute arbitrary code with the privileges of the user running rsync. (CVE-2011-1097)

    Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting this issue.

    Users of rsync should upgrade to this updated package, which contains a backported patch to resolve this issue.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2011-1097
    RHSA-2011:0390
    RHSA-2011:0390-01
    Platform(s): Red Hat Enterprise Linux 6
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND rsync is earlier than 0:3.0.6-5.el6_0.1
  • AND rsync is signed with Red Hat redhatrelease2 key