[SECURITY] Fedora 20 Update: rsync-3.1.0-3.fc20

updates at fedoraproject.org updates at fedoraproject.org
Sun Apr 20 01:29:59 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-5315
2014-04-18 14:23:57
--------------------------------------------------------------------------------

Name        : rsync
Product     : Fedora 20
Version     : 3.1.0
Release     : 3.fc20
URL         : http://rsync.samba.org/
Summary     : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2014-2855 and temporary reverts compilation with system provided zlib(BZ#1043965).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 16 2014 Michal Luscon <mluscon at redhat.com> - 3.1.0-3
- Fixed: CVE-2014-2855 - denial of service
- Reverted: compilation with system provided zlib
* Sun Oct 20 2013 Michal Lusocn <mluscon at redhat.com> - 3.1.0-2
- Update to latest upstream 3.1.0
- Fixed #1018520 - missing rsyncd at .service
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087841 - CVE-2014-2855 rsync: CPU consumption denial of service when authenticating with a non-existent username
        https://bugzilla.redhat.com/show_bug.cgi?id=1087841
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update rsync' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list