Debian LTS: DLA-1725-1: rsync security update

    Date: 24 Mar 2019
    Category: Debian LTS
    Posted By: LinuxSecurity Advisories
    
    Package        : rsync
    Version        : 3.1.1-3+deb8u2
    CVE ID         : CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843
                      CVE-2018-5764
    
    
    Trail of Bits used the automated vulnerability discovery tools developed 
    for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, 
    versatile, remote (and local) file-copying tool, uses an embedded copy of 
    zlib, those issues are also present in rsync.
    
    
    CVE-2016-9840
          In order to avoid undefined behavior, remove offset pointer
          optimization, as this is not compliant with the C standard.
    
    CVE-2016-9841
          Only use post-increment to be compliant with the C standard.
    
    CVE-2016-9842
          In order to avoid undefined behavior, do not shift negative values,
          as this is not compliant with the C standard.
    
    CVE-2016-9843
          In order to avoid undefined behavior, do not pre-decrement a pointer
          in big-endian CRC calculation, as this is not compliant with the
          C standard.
    
    CVE-2018-5764
          Prevent remote attackers from being able to bypass the
          argument-sanitization protection mechanism by ignoring --protect-args
          when already sent by client.
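
The four zlib entries above rest on two rules of the C standard: a pointer may only be moved within its array (or to one past its end), and left-shifting a negative value is undefined. The block below is an added illustration of the compliant idioms, not code from zlib, rsync or this advisory; `sum_be_words`, `pack_mark` and `SAMPLE` are hypothetical names and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: two big-endian 32-bit words, 0x00000001 and 0x00000100. */
static const uint8_t SAMPLE[8] = { 0, 0, 0, 1,  0, 0, 1, 0 };

/* Hypothetical helper: add up n_words big-endian 32-bit words from buf.
 *
 * Non-compliant idiom (kept as a comment on purpose):
 *     const uint8_t *p = buf - 1;   // points before the array: undefined
 *     ... x = *++p; ...             // pre-increment from that pointer
 * Compliant idiom used here: start at buf and post-increment, so p is
 * always inside the array or exactly one past its end. */
uint32_t sum_be_words(const uint8_t *buf, size_t n_words)
{
    const uint8_t *p = buf;
    uint32_t sum = 0;

    while (n_words--) {
        uint32_t w = (uint32_t)*p++ << 24;   /* widen first, then shift */
        w |= (uint32_t)*p++ << 16;
        w |= (uint32_t)*p++ << 8;
        w |= (uint32_t)*p++;
        sum += w;                            /* unsigned wrap is defined */
    }
    return sum;
}

/* Hypothetical helper: put a possibly negative 16-bit count above bit 16
 * and add a 16-bit offset.
 *
 * Non-compliant: ((long)count << 16) + offset   -- undefined for count < 0.
 * Compliant: multiply by 65536. With 16-bit inputs the result always fits
 * in a long, which is at least 32 bits wide. */
long pack_mark(int16_t count, uint16_t offset)
{
    return (long)count * 65536L + (long)offset;
}

int main(void)
{
    printf("%lu %ld\n", (unsigned long)sum_be_words(SAMPLE, 2),
           pack_mark(-1, 5));
    return 0;
}
```

Building legacy code with `-fsanitize=undefined` (GCC or Clang) reports negative left shifts and many out-of-bounds pointer computations at run time.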
    
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.1.1-3+deb8u2.
    
    We recommend that you upgrade your rsync packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    