Description
Security update for rsync
This update for rsync fixes two security issues:
- CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
- CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)
Package list
SUSE Linux Enterprise Desktop 11 SP3
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Desktop 11 SP4
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP4
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
rsync-3.0.4-2.49.1
References
- Link for SUSE-SU-2016:0176-1
- E-Mail link for SUSE-SU-2016:0176-1
- SUSE Security Ratings
- SUSE Bug 900914
- SUSE Bug 915410
- SUSE CVE CVE-2014-8242 page
- SUSE CVE CVE-2014-9512 page
Description
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Desktop 11 SP4:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3:rsync-3.0.4-2.49.1
References
- CVE-2014-8242
- SUSE Bug 900914
- SUSE Bug 922710
Description
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Desktop 11 SP4:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:rsync-3.0.4-2.49.1
SUSE Linux Enterprise Server 11 SP3:rsync-3.0.4-2.49.1
References
- CVE-2014-9512
- SUSE Bug 915410
- SUSE Bug 960191