UbuntuUpdates.org

Package "rsync"

Name: rsync

Description:

fast, versatile, remote (and local) file-copying tool
Latest version: 3.1.3-8ubuntu0.5
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://rsync.samba.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "rsync"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "rsync" in Focal

Repository Area Version
base main 3.1.3-8
updates main 3.1.3-8ubuntu0.7

Changelog

Version: 3.1.3-8ubuntu0.5 2023-03-06 17:06:56 UTC

  rsync (3.1.3-8ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via malicious remote servers
    - d/p/CVE-2022-29154-*.patch: backported patches to fix the issue.
    - d/p/avoid_quoting_of_tilde_when_its_a_destination_arg.patch: added
      additional patch to fix regression.
    - CVE-2022-29154

 -- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 07:58:57 -0500
Source diff to previous version
CVE-2022-29154 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peer

Version: 3.1.3-8ubuntu0.4 2022-08-18 23:09:22 UTC

  rsync (3.1.3-8ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
    hearders.
    - debian/patches/CVE-2022-37434-1.patch: catches overflow in
      inflateGetHeader by enforcing buffer size.
    - debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
      regression previous patch introduced.
    - CVE-2022-37434

 -- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:48:36 -0500
Source diff to previous version
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only appl

Version: 3.1.3-8ubuntu0.3 2022-03-31 14:06:21 UTC

  rsync (3.1.3-8ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: memory corruption when zlib deflating
    - debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
      deflate on some input when using Z_FIXED in zlib/deflate.c,
      zlib/deflate.h.
    - debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
      for deflatePrime() is valid in zlib/deflate.c.
    - CVE-2018-25032

 -- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 14:02:52 -0400
CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.


About   -   Send Feedback to @ubuntu_updates