Package "rsync"
Name: |
rsync
|
Description: |
fast, versatile, remote (and local) file-copying tool
|
Latest version: |
3.1.0-2ubuntu0.4 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Homepage: |
http://rsync.samba.org/ |
Links
Download "rsync"
Other versions of "rsync" in Trusty
Changelog
rsync (3.1.0-2ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 17:00:13 -0300
|
Source diff to previous version |
CVE-2017-16548 |
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allo |
CVE-2018-5764 |
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attacker |
|
rsync (3.1.0-2ubuntu0.3) trusty-security; urgency=medium
* SECURITY UPDATE: bypass intended access restrictions
- debian/patches/CVE-2017-17433.patch: check fname in
recv_files sooner in receiver.c.
- CVE-2017-17433
* SECURITY UPDATE: not check for fnamecmp filenames and
does not apply sanitize_paths
- debian/patches/CVE-2017-17434-part1.patch: check daemon
filter against fnamecmp in receiver.c.
- debian/patches/CVE-2017-17434-part2.patch: sanitize xname
in rsync.c.
- CVE-2017-17434
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Dec 2017 11:36:31 -0300
|
Source diff to previous version |
CVE-2017-17433 |
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, proceeds with certain file metadata upda |
CVE-2017-17434 |
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-11-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (i |
|
rsync (3.1.0-2ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: rsync path spoofing attack
- debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
filelist in flist.c, rsync.h, util.c.
- debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
path is not right for its dir in flist.c, io.c, main.c, rsync.c.
- debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
--no-inc-recurse too in flist.c, generator.c.
- CVE-2014-9512
-- Marc Deslauriers Tue, 19 Jan 2016 15:27:53 -0500
|
Source diff to previous version |
CVE-2014-9512 |
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. |
|
rsync (3.1.0-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via invalid username (LP: #1307230)
- debian/patches/CVE-2014-2855.diff: avoid infinite wait reading
secrets file in authenticate.c.
- CVE-2014-2855
-- Marc Deslauriers <email address hidden> Thu, 17 Apr 2014 12:56:34 -0400
|
1307230 |
3.1.0 daemon infinite loop when no matched user in secrets |
CVE-2014-2855 |
Daemon infinite loop when no matched user in secrets |
|
About
-
Send Feedback to @ubuntu_updates