Ubuntu Security Notice 500-1 - Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to arbitrary code execution.
66952b127af5abd233f0d4ad3789b933e224ad98c54db6cb3304b1fb0ae1a0ea