http://lwn.net/Articles/61541/ This is a special feed containing comments posted to the individual LWN article titled "Remotely exploitable heap overflow in rsync". hourly 2 http://lwn.net/Articles/61654/rss 2003-12-05T05:24:15+00:00 proski There are new updates in unstable. Python is fixed. It happened just an hour after my previous post. Quite a coincidence. http://lwn.net/Articles/61644/rss 2003-12-05T03:26:01+00:00 proski Debian unstable still has no updates. In addition to that, there is a <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222088">dependency problem that prevents upgrading Python</a>. Such problems are normally resolved next day, but now we are stuck in this state for more than a week. http://lwn.net/Articles/61643/rss 2003-12-05T02:44:18+00:00 fLameDogg Neener ;O) http://lwn.net/Articles/61630/rss 2003-12-04T23:34:27+00:00 JoeBuck <p> Ignore previous comment; I went directly to the story from Slashdot so I didn't see the teaser item on the main LWN page. http://lwn.net/Articles/61629/rss 2003-12-04T23:33:17+00:00 JoeBuck <p> Any connection to the Gentoo attack? http://lwn.net/Articles/61592/rss 2003-12-04T20:45:17+00:00 stevenj I just checked, and an rsync_2.5.5-0.2 package has apparently just been uploaded to the Debian security server; the changelog indicates that it is for the bug reported here.<p>Those guys are fast. http://lwn.net/Articles/61587/rss 2003-12-04T20:14:04+00:00 Ross Doh. And I meant to say &quot;shouldn't&quot;. http://lwn.net/Articles/61586/rss 2003-12-04T20:13:02+00:00 Ross But it should say &quot;contains&quot; :) http://lwn.net/Articles/61576/rss 2003-12-04T19:31:22+00:00 smoogen Please note that this vulnerability only affects the use of rsync as a<br>&quot;rsync server&quot;. To see if you are running a rsync server you should<br>use the netstat command to see if you are listening on TCP port<br>873. If you are not listening on TCP port 873 then you are not running<br>a rsync server.<p>--<p>Or have been rooted already and netstat has been replaced. http://lwn.net/Articles/61567/rss 2003-12-04T19:14:53+00:00 hamjudo All the previous versions that support the remote protocol, <i>rsync server</i>, are vulnerable. See <a href=http://rsync.samba.org/>rsync.samba.org</a> for a revised announcement.<p> It now says <br>- rsync version <b>2.5.6 and earlier</b> contains a heap overflow... http://lwn.net/Articles/61562/rss 2003-12-04T18:44:46+00:00 utoddl What about versions prior to 2.5.6? The article isn't clear on that.