SUSE-RU-2023:3370-1

Published: 22 Aug 2023
Source: suse-cvrf

Description

Recommended update for rsync

This update for rsync fixes the following issues:

  • Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146)
  • Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145)
  • Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service).
  • Fix --delay-updates never updates after interruption (bsc#1204538)
  • Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154)
  • rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387)

Package list

Container suse/sle-micro-rancher/5.2:latest
rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-HPC-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-SAP-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-HPC-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-HPC-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-HPC-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-1-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-1-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-2-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-Micro-5-2-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAP-BYOS-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAP-BYOS-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAP-BYOS-GCE
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAPCAL-Azure
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAPCAL-EC2-HVM
rsync-3.2.3-150000.4.23.2
Image SLES15-SP3-SAPCAL-GCE
rsync-3.2.3-150000.4.23.2
SUSE Enterprise Storage 7.1
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Micro 5.1
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Micro 5.2
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Real Time 15 SP3
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server 15 SP1-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server 15 SP2-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server 15 SP3-LTSS
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
rsync-3.2.3-150000.4.23.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
rsync-3.2.3-150000.4.23.2
SUSE Manager Proxy 4.2
rsync-3.2.3-150000.4.23.2
SUSE Manager Server 4.2
rsync-3.2.3-150000.4.23.2

Description

A flaw was found in rsync in versions since 3.2.0pre1. Rsync does not properly validate the certificate and accepts one whose hostname does not match the host. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname, which could compromise the confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.


Affected products
Container suse/sle-micro-rancher/5.2:latest:rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-BYOS-Azure:rsync-3.2.3-150000.4.23.2

References

Description

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files and directories are sent to the client, but the rsync client performs insufficient validation of file names. A malicious rsync server (or a man-in-the-middle attacker) can overwrite arbitrary files in the rsync client target directory and its subdirectories (for example, overwrite the .ssh/authorized_keys file).


Affected products
Container suse/sle-micro-rancher/5.2:latest:rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:rsync-3.2.3-150000.4.23.2
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:rsync-3.2.3-150000.4.23.2
Image SLES15-SP2-BYOS-Azure:rsync-3.2.3-150000.4.23.2

References
Vulnerability SUSE-RU-2023:3370-1