Novell Home

CVE-2011-1097

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-1097 at MITRE

Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

NVD CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 684387

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • rsync >= 3.0.4-2.36.2
sles11-sp1.x86
sles11-sp1.ia64
sles11-sp1.ppc
sled11-sp1.x86
sles11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
SAT Patch Nr: 4300
openSUSE 11.2
  • rsync-debuginfo >= 3.0.6-3.5.1
  • rsync-debugsource >= 3.0.6-3.5.1
openSUSE 11.2
  • rsync >= 3.0.6-3.5.1
openSUSE 11.3
  • rsync-debuginfo >= 3.0.7-4.3.1
  • rsync-debugsource >= 3.0.7-4.3.1
openSUSE 11.3
  • rsync >= 3.0.7-4.3.1
openSUSE 11.4
  • rsync >= 3.0.7-8.9.1

© 2014 Novell