Описание
Security update for rsync
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840).
Список пакетов
Container rancher/elemental-builder-image/5.3:latest
rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal-rt/5.3:latest
rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal-rt/5.4:latest
rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal/5.3:latest
rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal/5.4:latest
rsync-3.2.3-150400.3.3.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro-rancher/5.3:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro-rancher/5.4:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro/5.5:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro/base-5.5:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro/kvm-5.5:latest
rsync-3.2.3-150400.3.3.1
Container suse/sle-micro/rt-5.5:latest
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Azure-Basic
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Azure-Standard
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-EC2-ECS-HVM
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-HPC-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Hardened-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Hardened-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Hardened-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Hardened-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-3-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-Micro-5-4-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAP-Hardened-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAPCAL
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAPCAL-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAPCAL-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP4-SAPCAL-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Azure-3P
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Azure-Basic
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Azure-Standard
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-EC2-ECS-HVM
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-HPC-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Hardened-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Hardened-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Hardened-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-Micro-5-5-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure-3P
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAP-Hardened-GCE
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAPCAL-Azure
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAPCAL-EC2
rsync-3.2.3-150400.3.3.1
Image SLES15-SP5-SAPCAL-GCE
rsync-3.2.3-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
rsync-3.2.3-150400.3.3.1
openSUSE Leap 15.4
rsync-3.2.3-150400.3.3.1
Ссылки
- Link for SUSE-SU-2022:2825-1
- E-Mail link for SUSE-SU-2022:2825-1
- SUSE Security Ratings
- SUSE Bug 1201840
- SUSE CVE CVE-2022-29154 page
Описание
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
Затронутые продукты
Container rancher/elemental-builder-image/5.3:latest:rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal-rt/5.3:latest:rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal-rt/5.4:latest:rsync-3.2.3-150400.3.3.1
Container rancher/elemental-teal/5.3:latest:rsync-3.2.3-150400.3.3.1
Ссылки
- CVE-2022-29154
- SUSE Bug 1201840
- SUSE Bug 1202970
- SUSE Bug 1202998
- SUSE Bug 1203401
- SUSE Bug 1203727
- SUSE Bug 1203789
- SUSE Bug 1204119
- SUSE Bug 1205072