The rsync team has released an advisory about a security problem in rsync. If rsync is running in daemon mode without a chroot environment, a remote attacker can trick rsyncd into creating an absolute pathname while sanitizing it. As a result, it is possible to read from and write to files outside the rsync directory.
As a temporary workaround, we suggest keeping the chroot option of rsyncd enabled or, if possible, avoiding daemon mode and using SSH as the transport channel.
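
To check whether the chroot workaround is in effect, the following added example (not part of the original advisory) parses an rsyncd.conf and lists the modules whose effective `use chroot` setting is off. It assumes global parameters appear before the first module section; the sample configuration and its module names are constructed for illustration.

```python
import re

TRUE = {"yes", "true", "1"}
FALSE = {"no", "false", "0"}

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
# global section
uid = nobody
use chroot = no

[mirror]
    path = /srv/mirror
    use chroot = yes

[backup]
    path = /srv/backup

[pub]
    path = /srv/pub
    Use Chroot = False
"""

def modules_without_chroot(conf_text):
    """Return the modules whose effective 'use chroot' is disabled."""
    default = True      # rsyncd enables chroot when the parameter is absent
    section = None      # None means we are still in the global part
    effective = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            effective[section] = default   # inherit the global value
            continue
        key, sep, value = line.partition("=")
        # Parameter names ignore case and whitespace in rsyncd.conf.
        if not sep or re.sub(r"\s+", "", key).lower() != "usechroot":
            continue
        value = value.strip().lower()
        if value not in TRUE | FALSE:
            continue                       # not a boolean; leave value as is
        if section is None:
            default = value in TRUE
        else:
            effective[section] = value in TRUE
    return [name for name, enabled in effective.items() if not enabled]

if __name__ == "__main__":
    print(modules_without_chroot(SAMPLE))
```

Any module the function returns is served without a chroot and should have `use chroot = yes` set until the updated package is installed.
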
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.0 | i586 | rsync | < 2.6.2-26 | rsync-2.6.2-26.i586.rpm |
openSUSE | 8.2 | i586 | rsync | < 2.6.2-26 | rsync-2.6.2-26.i586.rpm |
openSUSE | 9.1 | i586 | rsync | < 2.6.2-8.9 | rsync-2.6.2-8.9.i586.rpm |
openSUSE | 8.1 | i586 | rsync | < 2.6.2-25 | rsync-2.6.2-25.i586.rpm |
openSUSE | 9.1 | x86_64 | rsync | < 2.6.2-8.9 | rsync-2.6.2-8.9.x86_64.rpm |
openSUSE | 9.0 | x86_64 | rsync | < 2.6.2-26 | rsync-2.6.2-26.x86_64.rpm |