Mandriva Linux Security Advisory : rsync (MDVSA-2011:066)
Medium Nessus Plugin ID 53302
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA vulnerability wase discovered and corrected in rsync :
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data (CVE-2011-1097).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
The updated packages have been patched to correct this issue.
SolutionUpdate the affected rsync package.