ELSA-2022-8291

Опубликовано: 22 нояб. 2022

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2022-8291: rsync security and bug fix update (MODERATE)

[3.2.3-18]

Resolves: #2111177 - remote arbitrary files write inside the directories of connecting peers

[3.2.3-17]

Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

[3.2.3-16]

Related: #2081296 - Adding ci.fmf for separation of testing results

[3.2.3-15]

Related: #2081296 - Disabling STI

[3.2.3-14]

Resolves: #2071514 - A flaw found in zlib when compressing (not decompressing) certain inputs

[3.2.3-13]

Resolves: #2079639 - rsync --atimes doesnt work

[3.2.3-12]

Resolves: #2081296 - Enable fmf tests in centos stream

[3.2.3-11]

Resolves: #2053198 - rsync segmentation fault

[3.2.3-10]

Resolves: #2077431 - Read-only files that have changed xattrs fail to allow xattr changes

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

rsync

3.2.3-18.el9

rsync-daemon

3.2.3-18.el9

Oracle Linux x86_64

rsync

3.2.3-18.el9

rsync-daemon

3.2.3-18.el9

Связанные CVE

CVE-2022-37434

Ссылки на источники

Связанные уязвимости

CVE-2022-37434

CVSS3: 9.8

ubuntu

почти 3 года назад

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).