Описание
ELSA-2022-7793: rsync security and enhancement update (MODERATE)
[3.1.3-19]
- Resolves: #2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
[3.1.3-18]
- Resolves: #2111175 - remote arbitrary files write inside the directories of connecting peers
[3.1.3-17]
- Related: #2043753 - New option should not be sent to the server every time
[3.1.3-16]
- Resolves: #2043753 - [RFE] Improve defaults for sparse file buffering
[3.1.3-15]
- Resolves: #2071513 - A flaw in zlib-1.2.11 when compressing (not decompressing!) certain inputs
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
rsync
3.1.3-19.el8
rsync-daemon
3.1.3-19.el8
Oracle Linux x86_64
rsync
3.1.3-19.el8
rsync-daemon
3.1.3-19.el8
Связанные CVE
Связанные уязвимости
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...