[Secure-testing-team] Bug#786423: rsync: MD5 collision DoS attack or limited file corruption
Salvatore Bonaccorso
carnil at debian.org
Thu May 21 13:34:21 UTC 2015
Source: rsync
Version: 3.1.1-3
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
Filing this in the Debian BTS so that we can have a reference.
From https://bugzilla.redhat.com/show_bug.cgi?id=1197601:
> Michael Samuel discovered that rsync was vulnerable to checksum
> collisions. This could prevent rsync from running and syncing files
> successfully, which could break various applications that use and
> rely on rsync.
>
> Details are available in the original report:
>
> http://www.openwall.com/lists/oss-security/2014/07/28/1
Upstream commit is
https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
See as well https://lists.samba.org/archive/rsync/2015-May/030123.html
Regards,
Salvatore