Advisories » MGASA-2018-0103

Updated rsync package fixes security vulnerability

Publication date: 31 Jan 2018
Modification date: 31 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-5764

Description

It was discovered that rsync incorrectly parsed certain arguments. An
attacker could possibly use this to bypass arguments and execute
arbitrary code (CVE-2018-5764).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22461
• https://usn.ubuntu.com/usn/usn-3543-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764

SRPMS

5/core

• rsync-3.1.1-5.4.mga5

6/core

• rsync-3.1.2-1.3.mga6