Package "rsync"
| Name: |
rsync
|
Description: |
fast, versatile, remote (and local) file-copying tool
|
| Latest version: |
3.1.2-2.1ubuntu1.6 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
main |
| Homepage: |
http://rsync.samba.org/ |
Links
Download "rsync"
Other versions of "rsync" in Bionic
Changelog
|
rsync (3.1.2-2.1ubuntu1.6) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary file write via malicious remote servers
- d/p/z-CVE-2022-29154-{1,2}.diff: backported patches to fix the issue.
- d/p/z-CVE-2022-29154-3.diff: added additional patch to fix
regression.
- CVE-2022-29154
-- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 08:04:02 -0500
|
| Source diff to previous version |
| CVE-2022-29154 |
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peer |
|
|
rsync (3.1.2-2.1ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
hearders.
- debian/patches/CVE-2022-37434-1.patch: catches overflow in
inflateGetHeader by enforcing buffer size.
- debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
regression previous patch introduced.
- CVE-2022-37434
-- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:38:38 -0500
|
| Source diff to previous version |
| CVE-2022-37434 |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only appl |
|
|
rsync (3.1.2-2.1ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: memory corruption when zlib deflating
- debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
deflate on some input when using Z_FIXED in zlib/deflate.c,
zlib/deflate.h.
- debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
for deflatePrime() is valid in zlib/deflate.c.
- CVE-2018-25032
-- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 12:16:36 -0400
|
| Source diff to previous version |
| CVE-2018-25032 |
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
|
|
rsync (3.1.2-2.1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark().
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long.
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation.
- CVE-2016-9843
-- Avital Ostromich <email address hidden> Tue, 18 Feb 2020 16:03:13 -0500
|
| CVE-2016-9840 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
| CVE-2016-9841 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. |
| CVE-2016-9842 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shi |
| CVE-2016-9843 |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian C |
|
About
-
Send Feedback to @ubuntu_updates
