Slashdot Mirror

← Back to Stories (view on slashdot.org)

New rsync Released to Fix Vulnerability

Posted by CowboyNeal on from the better-safe-than-sorry dept.

cshields2 writes "Today the rsync developers have released a new version that fixes an exploitable security vulnerability when running rsync as an 'rsync server.' Any server out there running rsync should check this out and upgrade if necessary. (which is every open source mirror server out there, and many mirrors themselves)"

2 of 226 comments (clear)

  1. Re:So... by Anonymous Coward · · Score: 5, Insightful
    It took the Debian developers over a *week* to find the cause of their servers being rooted, but Gentoo is able to accomplish the same in one day, *and* provide a fix?

    It seems obvious where the real talent in the Linux community lies today.

    In case you hadn't noticed, the Gentoo developers based their analysis on the Debian developers' work. The real talent in the Linux community lies in the community.

  2. Re:Gentoo by TheIzzy · · Score: 5, Insightful
    Hello?

    Security breaches happen. Even on OpenBSD and other "secure" systems. If you looked into the event at all, you would see that Gentoo did indeed have excellent security counter measures in place. No amount of firewalling is going to stop an *unknown* vulnerability from being exploited. No amount of security auditing is going to find *every* exploit in code as complex as gentoo's. The fact that the compromised server could be restored, and the compromising code be analysed and fixed within twenty-four hours is very impressive. If anything, this is a testiment to the security at gentoo.

    If I were a CTO or someone who was checking to make a switch, this would be very impressive. I don't, however, think this is gentoo's target audience. But I do know that Microsoft definitely does not have turn-around times that impressive.