UbuntuUpdates.org

Package "rsync"

Name: rsync

Description:

fast, versatile, remote (and local) file-copying tool

Latest version: 3.1.2-2.1ubuntu1.6
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://rsync.samba.org/

Links


Download "rsync"


Other versions of "rsync" in Bionic

Repository Area Version
base main 3.1.2-2.1ubuntu1
security main 3.1.2-2.1ubuntu1.6

Changelog

Version: 3.1.2-2.1ubuntu1.6 2023-03-06 15:06:54 UTC

  rsync (3.1.2-2.1ubuntu1.6) bionic-security; urgency=medium

  * SECURITY UPDATE: arbitrary file write via malicious remote servers
    - d/p/z-CVE-2022-29154-{1,2}.diff: backported patches to fix the issue.
    - d/p/z-CVE-2022-29154-3.diff: added additional patch to fix
      regression.
    - CVE-2022-29154

 -- Marc Deslauriers <email address hidden> Tue, 28 Feb 2023 08:04:02 -0500

Source diff to previous version
CVE-2022-29154 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peer

Version: 3.1.2-2.1ubuntu1.5 2022-08-19 00:07:03 UTC

  rsync (3.1.2-2.1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: zlib buffer overflow when inflating certain gzip
    hearders.
    - debian/patches/CVE-2022-37434-1.patch: catches overflow in
      inflateGetHeader by enforcing buffer size.
    - debian/patches/CVE-2022-37434-2.patch: prevents NULL dereference
      regression previous patch introduced.
    - CVE-2022-37434

 -- Mark Esler <email address hidden> Tue, 16 Aug 2022 13:38:38 -0500

Source diff to previous version
CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only appl

Version: 3.1.2-2.1ubuntu1.4 2022-03-31 15:06:17 UTC

  rsync (3.1.2-2.1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: memory corruption when zlib deflating
    - debian/patches/CVE-2018-25032-1.patch: fix a bug that can crash
      deflate on some input when using Z_FIXED in zlib/deflate.c,
      zlib/deflate.h.
    - debian/patches/CVE-2018-25032-2.patch: assure that the number of bits
      for deflatePrime() is valid in zlib/deflate.c.
    - CVE-2018-25032

 -- Marc Deslauriers <email address hidden> Wed, 30 Mar 2022 12:16:36 -0400

Source diff to previous version
CVE-2018-25032 zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Version: 3.1.2-2.1ubuntu1.3 2022-02-23 14:06:27 UTC

  rsync (3.1.2-2.1ubuntu1.3) bionic; urgency=medium

  * d/p/avoid-deadlock-huge-amounts-verbose-messages.patch:
    Allow the receiver to increase their iobuf.msg xbuf if it fills
    up. This ensures that the receiver will never block trying to
    output a message, and thus it will always drain the data from
    the sender and keep the whole thing from clogging up. Thanks to
    Wayne Davison <email address hidden>. (LP: #1528921)

 -- Miriam EspaƱa Acebal <email address hidden> Tue, 08 Feb 2022 13:26:20 +0100

Source diff to previous version
1528921 rsync hangs on select(5, [], [4], [], {60, 0}

Version: 3.1.2-2.1ubuntu1.2 2021-11-17 02:06:19 UTC

  rsync (3.1.2-2.1ubuntu1.2) bionic; urgency=medium

  * d/p/allow-missing-parent-dir-delete-missing-args.patch:
    Fix error caused by files being deleted having a missing parent
    directory. Thanks to Wayne Davison <email address hidden>.
    (LP: #1896251)

 -- Lena Voytek <email address hidden> Thu, 28 Oct 2021 09:38:50 -0700

1896251 rsync --delete-missing-args fails with \



About   -   Send Feedback to @ubuntu_updates