Description
Security update for rsync
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840).
Package list
Container suse/sle-micro-rancher/5.2:latest
rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAPCAL-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAPCAL-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAPCAL-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-HPC-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP2-SAP-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-HPC-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-HPC-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAP-BYOS-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAP-BYOS-GCE
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAPCAL-Azure
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAPCAL-EC2-HVM
rsync-3.1.3-150000.4.13.1
Image SLES15-SP3-SAPCAL-GCE
rsync-3.1.3-150000.4.13.1
SUSE Enterprise Storage 6
rsync-3.1.3-150000.4.13.1
SUSE Enterprise Storage 7
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Micro 5.1
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Micro 5.2
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server 15 SP1-BCL
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server 15 SP1-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server 15 SP2-BCL
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server 15 SP2-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server 15-LTSS
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
rsync-3.1.3-150000.4.13.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
rsync-3.1.3-150000.4.13.1
SUSE Manager Proxy 4.1
rsync-3.1.3-150000.4.13.1
SUSE Manager Retail Branch Server 4.1
rsync-3.1.3-150000.4.13.1
SUSE Manager Server 4.1
rsync-3.1.3-150000.4.13.1
openSUSE Leap 15.3
rsync-3.1.3-150000.4.13.1
References
- Link for SUSE-SU-2022:2959-1
- E-Mail link for SUSE-SU-2022:2959-1
- SUSE Security Ratings
- SUSE Bug 1201840
- SUSE CVE CVE-2022-29154 page
Description
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
Affected products
Container suse/sle-micro-rancher/5.2:latest:rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:rsync-3.1.3-150000.4.13.1
Image SLES15-SP1-SAPCAL-Azure:rsync-3.1.3-150000.4.13.1
References
- CVE-2022-29154
- SUSE Bug 1201840
- SUSE Bug 1202970
- SUSE Bug 1202998
- SUSE Bug 1203401
- SUSE Bug 1203727
- SUSE Bug 1203789
- SUSE Bug 1204119
- SUSE Bug 1205072