UbuntuUpdates.org

Package "rsync"

Name: rsync

Description:

fast, versatile, remote (and local) file-copying tool

Latest version: 3.0.9-1ubuntu1.3
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://rsync.samba.org/

Links


Download "rsync"


Other versions of "rsync" in Precise

Repository Area Version
base main 3.0.9-1ubuntu1
security main 3.0.9-1ubuntu1.3

Changelog

Version: 3.0.9-1ubuntu1.3 2021-05-03 16:06:19 UTC

  rsync (3.0.9-1ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 16:43:26 -0300

Source diff to previous version
CVE-2017-16548 The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allo
CVE-2018-5764 The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attacker

Version: 3.0.9-1ubuntu1.1 2016-01-21 21:06:25 UTC

  rsync (3.0.9-1ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: rsync path spoofing attack
    - debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
      filelist in flist.c, rsync.h, util.c.
    - debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
      path is not right for its dir in flist.c, io.c, main.c, rsync.c.
    - debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

 -- Marc Deslauriers Wed, 20 Jan 2016 08:00:00 -0500

CVE-2014-9512 rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.



About   -   Send Feedback to @ubuntu_updates