This ERRATA for SL 6.x i386/x86_64 is now available from:

  ftp://ftp.scientificlinux.org/linux/scientific/6x/i386/updates/security/
  ftp://ftp.scientificlinux.org/linux/scientific/6x/x86_64/updates/security/

Synopsis:    Moderate: rsync security update
Issue date:  2011-03-29
CVE Names:   CVE-2011-1097

A memory corruption flaw was found in the way the rsync client processed
malformed file list data. If an rsync client used the "--recursive" and
"--delete" options without the "--owner" option when connecting to a
malicious rsync server, the malicious server could cause rsync on the
client system to crash or, possibly, execute arbitrary code with the
privileges of the user running rsync. (CVE-2011-1097)

We would like to thank Wayne Davison and Matt McCutchen for reporting this
issue.

--------------------------------------------------------------------------

SL 6.x

  SRPMS:
    rsync-3.0.6-5.el6_0.1.src.rpm

  i386:
    rsync-3.0.6-5.el6_0.1.i686.rpm

  x86_64:
    rsync-3.0.6-5.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
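
To find jobs that use the option combination described above while the update is rolled out, the following added example (not part of the advisory or of rsync) flags rsync command lines that have "--recursive" and "--delete" in effect without "--owner". The function names, the subset of value-taking short options, and the sample command lines are assumptions made for this example; it does not check the installed package version or whether the remote server is trusted.

```python
import shlex

# Short options that consume a value (assumed subset for this example).
TAKES_ARG = set("efBT")
ARCHIVE = set("rlptgoD")  # -a / --archive is shorthand for -rlptgoD

def effective_flags(command):
    """Return the options in effect for one rsync command line."""
    flags, skip = set(), False
    for tok in shlex.split(command)[1:]:
        if skip:                      # value of a preceding -e/-f/-B/-T
            skip = False
        elif tok == "--":             # end of options
            break
        elif tok.startswith("--"):
            name = tok[2:].split("=", 1)[0]
            if name == "archive":
                flags |= ARCHIVE
            elif name == "recursive":
                flags.add("r")
            elif name == "owner":
                flags.add("o")
            elif name in ("no-owner", "no-o"):   # later option wins
                flags.discard("o")
            elif name == "del" or name.startswith("delete"):
                flags.add("delete")   # --delete and its variants
        elif tok.startswith("-") and len(tok) > 1:
            for i, ch in enumerate(tok[1:], 1):
                if ch in TAKES_ARG:
                    skip = i == len(tok) - 1   # value is the next token
                    break
                flags |= ARCHIVE if ch == "a" else {ch}
    return flags

def matches_advisory(command):
    """True if the line uses --recursive and --delete without --owner."""
    f = effective_flags(command)
    return "r" in f and "delete" in f and "o" not in f

# Constructed sample command lines (hosts and paths are placeholders).
SAMPLES = [
    "rsync -rv --delete mirror.example.org::pub/ /srv/mirror/",
    "rsync -a --delete mirror.example.org::pub/ /srv/mirror/",
    "rsync -a --no-o --delete -e 'ssh -o BatchMode=yes' host.example.org:/data/ /data/",
    "rsync -rtz mirror.example.org::pub/ /srv/mirror/",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("REVIEW" if matches_advisory(line) else "ok    ", line)
```

Lines marked REVIEW are the ones to prioritise for the updated package; "-a" alone is not flagged because it implies "--owner".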