CVE-2011-1097 | Ubuntu

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rsync	10.10 maverick	Fixed 3.0.7-2ubuntu1.1
	10.04 LTS lucid	Fixed 3.0.7-1ubuntu1.1
	9.10 karmic	Fixed 3.0.6-1ubuntu1.1
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

Notes

mdeslaur

3.0.0 and higher, so dapper and hardy are't affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
rsync	Upstream: http://gitweb.samba.org/?p=rsync.git;a=commitdiff;h=83b94efa6b60a3ff5eee4c5f7812c617a90a03f6;hp=c8255147b06b74dad940d32f9cef5fbe17595239

References

Related Ubuntu Security Notices (USN)

USN-1124-1
rsync vulnerability
27 April 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1097