Updated rsync packages fix security vulnerabilities
Publication date: 29 Feb 2020Modification date: 29 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2016-9840 , CVE-2016-9841 , CVE-2016-9842 , CVE-2016-9843
Description
Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9842). It was discovered that rsync incorrectly handled vectors involving big- endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9843). Please note, we now compile against system zlib. If rsync fails to sync with older remote systems using compression (-z), you have either update the remote host to a newer version or disable compression.
References
SRPMS
7/core
- rsync-3.1.3-4.mga7