There has been some talk about a zlib security problem that could let
someone overflow the buffers in the zlib decompression code, potentially
allowing someone to craft an exploit to execute arbitrary code. Since
this is a decompression bug, this can only affect an rsync daemon if
it allows uploads with the --compress option enabled.

If you run a daemon that allows uploads, you may wish to add this line
to your rsyncd.conf file:

refuse options = compress

(If you already refuse other options, add "compress" after a space to
that line instead of adding a new line.)

I have just finished updating the zlib code in CVS to version 1.2.2 plus
a security patch that fixes this latest exploit. The other changes in
CVS are all worthwhile fixes, so I have decided to release the current
CVS version as 2.6.6pre1 -- the first pre-release of version 2.6.6.

You can read about all the changes between 2.6.5 and 2.6.6pre1 here:

http://rsync.samba.org/ftp/rsync/preview/NEWS

You can grab the source tar and its signature here:

http://rsync.samba.org/ftp/rsync/pre...6.6pre1.tar.gz
http://rsync.samba.org/ftp/rsync/pre...re1.tar.gz.asc

If you exercise the compression code of this pre-release version of
rsync, please drop me a line and let me know. Thanks!

...wayne..
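
Added example, not part of the announcement above and not rsync project code: a small Python audit for the mitigation it describes, listing the rsyncd.conf modules that accept uploads without refusing the compress option. The sample config and its module names are constructed, and the parser is a simplification that assumes one parameter per line (no backslash continuations) and plain or wildcard entries in "refuse options".

```python
from fnmatch import fnmatch

# Constructed sample config for illustration; not taken from a real daemon.
SAMPLE_CONF = """\
refuse options = delete
[mirror]
    path = /srv/mirror
[incoming]
    path = /srv/incoming
    read only = no
[backup]
    path = /srv/backup
    read only = false
    refuse options = delete compress
"""

def parse(text):
    """Return (global_params, {module: params}) with normalised names."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")
        if sep:
            # Whitespace and case in parameter names are not significant.
            key = "".join(name.split()).lower()
            (globals_ if current is None else current)[key] = value.strip()
    return globals_, modules

def exposed_modules(text):
    """Modules that allow uploads and do not refuse the compress option."""
    globals_, modules = parse(text)
    found = []
    for name, params in modules.items():
        merged = {**globals_, **params}  # a module setting overrides the global one
        # rsyncd.conf modules are read-only unless "read only" is turned off.
        read_only = merged.get("readonly", "yes").lower() in ("yes", "true", "1")
        refused = merged.get("refuseoptions", "").split()
        if not read_only and not any(fnmatch("compress", p) for p in refused):
            found.append(name)
    return found

if __name__ == "__main__":
    print(exposed_modules(SAMPLE_CONF))
```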

_______________________________________________
rsync-announce mailing list
rsync-announce@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-announce
