SUSE-SU-2022:2858-1

Опубликовано: 19 авг. 2022

Источник: suse-cvrf

Описание

Security update for rsync

This update for rsync fixes the following issues:

CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840).

Список пакетов

Image SLES12-SP5-Azure-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-Basic-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-HPC-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-HPC-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-SAP-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-SAP-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-Standard-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-EC2-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-EC2-ECS-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-EC2-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-EC2-SAP-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-EC2-SAP-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-GCE-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-GCE-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-GCE-SAP-BYOS

rsync-3.1.3-3.9.1

Image SLES12-SP5-GCE-SAP-On-Demand

rsync-3.1.3-3.9.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

rsync-3.1.3-3.9.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

rsync-3.1.3-3.9.1

SUSE Linux Enterprise Server 12 SP5

rsync-3.1.3-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

rsync-3.1.3-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222858-1/
Link for SUSE-SU-2022:2858-1
https://lists.suse.com/pipermail/sle-security-updates/2022-August/011951.html
E-Mail link for SUSE-SU-2022:2858-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1201840
SUSE Bug 1201840
https://www.suse.com/security/cve/CVE-2022-29154/
SUSE CVE CVE-2022-29154 page

Описание

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

Затронутые продукты

Image SLES12-SP5-Azure-BYOS:rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-Basic-On-Demand:rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-HPC-BYOS:rsync-3.1.3-3.9.1

Image SLES12-SP5-Azure-HPC-On-Demand:rsync-3.1.3-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-29154.html
CVE-2022-29154
https://bugzilla.suse.com/1201840
SUSE Bug 1201840
https://bugzilla.suse.com/1202970
SUSE Bug 1202970
https://bugzilla.suse.com/1202998
SUSE Bug 1202998
https://bugzilla.suse.com/1203401
SUSE Bug 1203401
https://bugzilla.suse.com/1203727
SUSE Bug 1203727
https://bugzilla.suse.com/1203789
SUSE Bug 1203789
https://bugzilla.suse.com/1204119
SUSE Bug 1204119
https://bugzilla.suse.com/1205072
SUSE Bug 1205072

SUSE-SU-2022:2858-1

Описание

Список пакетов

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2022-29154

Описание

Затронутые продукты

Ссылки