You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa rsync

Sigurnosni nedostatak programskog paketa rsync

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2014-04-18 14:23:57

Name : rsync
Product : Fedora 20
Version : 3.1.0
Release : 3.fc20
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this

Update Information:

This update fixes CVE-2014-2855 and temporary reverts compilation with system provided zlib(BZ#1043965).

* Wed Apr 16 2014 Michal Luscon <> – 3.1.0-3
– Fixed: CVE-2014-2855 – denial of service
– Reverted: compilation with system provided zlib
* Sun Oct 20 2013 Michal Lusocn <> – 3.1.0-2
– Update to latest upstream 3.1.0
– Fixed #1018520 – missing rsyncd@.service

[ 1 ] Bug #1087841 – CVE-2014-2855 rsync: CPU consumption denial of service when authenticating with a non-existent username

This update can be installed with the “yum” update program. Use
su -c ‘yum update rsync’ at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

AutorMarijo Plepelic
Cert idNCERT-REF-2014-04-0035-ADV
More in Preporuke
Sigurnosni nedostatak programskog paketa jakarta-commons-fileupload

Otkriven je sigurnosni nedostatak u programskom paketu jakarta-commons-fileupload. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje napada uskraćivanjem usluge slanjem posebno oblikovanog...