FS#44175 : [librsync][CVE-2014-8242]MD4 collision file corruption

FS#44175 - [librsync][CVE-2014-8242]MD4 collision file corruption

Attached to Project: Community Packages
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:29 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 16 March 2015, 00:16 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Evangelos Foutras (foutrelis)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync.

References
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8242
http://www.openwall.com/lists/oss-security/2014/07/28/1
http://www.openwall.com/lists/oss-security/2014/10/13/2

This task depends upon

Closed by Evangelos Foutras (foutrelis)
Monday, 16 March 2015, 00:16 GMT
Reason for closing: Fixed
Additional comments about closing: librsync 1.0.0-1

Comment by Evangelos Foutras (foutrelis) - Saturday, 14 March 2015, 14:30 GMT

librsync 1.0.0-1 in [community-testing].

I'll close this task once it moves to [community].

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#44175 - [librsync][CVE-2014-8242]MD4 collision file corruption

Details

Loading...