Package: rsync
Version: 2.6.4-6
Severity: grave
Tags: security
Justification: user security hole


Integer overflow in the receive_xattr function in the extended
attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers
to execute arbitrary code via crafted extended attributes that trigger a
buffer overflow.

See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2083 for more details.


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages rsync depends on:
ii  libc6                 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii  libpopt0              1.7-5              lib for parsing cmdline parameters

-- no debconf information
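
Added example, not part of the original report and not rsync's code: the bug class described above, where two peer-supplied lengths are summed to size a buffer, shown as an unchecked sum beside a checked one. The record layout (a name length and a value length followed by the bytes), the function names and the size cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (assumption, not rsync's wire format): the peer sends
 * a 32-bit name length and a 32-bit value length, then that many bytes. */

/* Unchecked form: the 32-bit sum wraps modulo 2^32, so a buffer sized from
 * it can be far smaller than the data the lengths claim. */
uint32_t alloc_size_unchecked(uint32_t name_len, uint32_t datum_len)
{
    return name_len + datum_len;
}

/* Checked form: stores the total and returns 0, or returns -1 when the sum
 * would wrap or exceed the caller's cap. The comparison is arranged so that
 * no intermediate value can overflow. */
int alloc_size_checked(uint32_t name_len, uint32_t datum_len,
                       uint32_t max_total, uint32_t *total)
{
    if (name_len > max_total || datum_len > max_total - name_len)
        return -1;
    *total = name_len + datum_len;
    return 0;
}

/* Receiver that copies name and value only after the lengths have been
 * validated against the cap and against the bytes actually available.
 * Returns a NUL-terminated heap copy, or NULL if the record is rejected. */
char *receive_attr(const unsigned char *in, size_t in_len,
                   uint32_t name_len, uint32_t datum_len, uint32_t max_total)
{
    uint32_t total;
    char *buf;

    if (alloc_size_checked(name_len, datum_len, max_total, &total) != 0)
        return NULL;                 /* lengths wrap or exceed the cap */
    if (total > in_len)
        return NULL;                 /* record claims more than was sent */
    buf = malloc((size_t)total + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, in, total);
    buf[total] = '\0';
    return buf;
}
```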

