A heap overflow bug exists in rsync versions prior to 2.5.7. Onmachines where the rsync server has been enabled, a remote attackercould use this flaw to execute arbitrary code as an unprivileged user.
Comment
This release also includes an updated RHNS-CA-CERT file, which contains an additional CA certificate. This is needed so that up2date can continue to communicate with Red Hat Network once the current CA certificate reaches its August 2003 expiration date.
A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place an .lv file in any directory to which they have write access.
Versions of man before 1.51 have a bug where a malformed man file can cause a program named “unsafe” to be run.
Updated zlib packages are now available which fix a buffer overflow vulnerability.