DESCRIPTION

rsync is a program for synchronizing files over the network. The server component, while not enabled by default, is vulnerable to a heap overflow, which could allow arbitrary code execution. Coupled with the recent do_brk() kernel bug, this could lead to remote root compromise.

SOLUTION

Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help.

Required packages

ftp://ftp.netwinder.org/pub/netwinder/updates/nw-9/armv4l/rsync-2.5.7-0.9.armv4l.rpm

Optional packages

ftp://ftp.netwinder.org/pub/netwinder/updates/nw-9/SRPMS/rsync-2.5.7-0.9.src.rpm

REFERENCES

https://rhn.redhat.com/errata/RHSA-2003-398.html