New rsync packages are available to fix security problems.
Here’s the information from the Slackware 8.0 ChangeLog:
Mon Mar 11 15:09:26 PST 2002
patches/packages/rsync.tgz: Upgraded to rsync-2.5.3. This fixes two security
problems:
Make sure that supplementary groups are removed from a server
process after changing uid and gid. (Ethan Benson) (Debian bug
#132272, CVE CAN-2002-0080)
Fix zlib double-free bug. (Owen Taylor, Mark J Cox) (CVE CAN-2002-0059)
We recommend that sites providing external rsync access upgrade to the fixed
rsync package as soon as possible.
Updated rsync package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/rsync.tgz
Updated rsync package for Slackware 7.1:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/rsync.tgz
Here are the md5sums for the packages:
Slackware 8.0:
e88390bae124be2af4b707ad3fbfc791 rsync.tgz
Slackware 7.1:
959b82dd4fbb84da564b2ce18eb56afc rsync.tgz
Simply upgrade as root:
> upgradepkg rsync.tgz
Remember, it’s also a good idea to backup configuration files before
upgrading packages.