PublicDateAtUSN: 2011-03-30
Candidate: CVE-2011-1097
PublicDate: 2011-03-30 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097
 https://ubuntu.com/security/notices/USN-1124-1
Description:
 rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership
 options are used, allows remote rsync servers to cause a denial of service
 (heap memory corruption and application crash) or possibly execute
 arbitrary code via malformed data.
Ubuntu-Description:
Notes:
 mdeslaur> 3.0.0 and higher, so dapper and hardy aren't affected
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=675036
 https://bugzilla.samba.org/show_bug.cgi?id=7936
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_rsync:
 upstream: http://gitweb.samba.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239
upstream_rsync: released (3.0.8)
dapper_rsync: not-affected (2.6.6-1ubuntu2.1)
hardy_rsync: not-affected (2.6.9-6ubuntu2)
karmic_rsync: released (3.0.6-1ubuntu1.1)
lucid_rsync: released (3.0.7-1ubuntu1.1)
maverick_rsync: released (3.0.7-2ubuntu1.1)
devel_rsync: released (3.0.7-2ubuntu3)