Advisories ยป MGASA-2015-0409

Updated rsync packages fix security vulnerability

Publication date: 25 Oct 2015
Type: security
Affected Mageia releases : 5


Michael Samuel discovered that rsync was vulnerable to checksum
collisions. This could prevent rsync from running and syncing files
successfully, which could break various applications that use and rely on
rsync (rhbz#1197601).

The patched rsync will now operate in a way that is not vulnerable to this
issue as long as both the rsync client and rsync server support the new
'C' option that has been added.  This issue is similar to an issue in
librsync which was fixed in MGASA-2015-0146.