Description
Security update for rsync
This update for rsync fixes two security issues and two non-security bugs.
The following vulnerabilities were fixed:
- CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
- CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)
The following non-security bugs were fixed:
- bsc#922710: Prevent rsyncd from spamming the log when trying to register SLP.
- bsc#898513: SLP support broke rsync usage.
Package list
SUSE Linux Enterprise Desktop 12
rsync-3.1.0-6.1
SUSE Linux Enterprise Desktop 12 SP1
rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12
rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12 SP1
rsync-3.1.0-6.1
SUSE Linux Enterprise Server for SAP Applications 12
rsync-3.1.0-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
rsync-3.1.0-6.1
References
- Link for SUSE-SU-2016:0173-1
- E-Mail link for SUSE-SU-2016:0173-1
- SUSE Security Ratings
- SUSE Bug 898513
- SUSE Bug 900914
- SUSE Bug 915410
- SUSE Bug 922710
- SUSE CVE CVE-2014-8242 page
- SUSE CVE CVE-2014-9512 page
Description
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:rsync-3.1.0-6.1
SUSE Linux Enterprise Desktop 12:rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12 SP1:rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12:rsync-3.1.0-6.1
References
- CVE-2014-8242
- SUSE Bug 900914
- SUSE Bug 922710
Description
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Affected products
SUSE Linux Enterprise Desktop 12 SP1:rsync-3.1.0-6.1
SUSE Linux Enterprise Desktop 12:rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12 SP1:rsync-3.1.0-6.1
SUSE Linux Enterprise Server 12:rsync-3.1.0-6.1
References
- CVE-2014-9512
- SUSE Bug 915410
- SUSE Bug 960191