
Ubuntu 18.04, 16.04: USN-4292-1 Moderate: Rsync DoS Risks

February 24, 2020
Security patches for rsync in Ubuntu mitigate the risk of denial of service and possible code execution.

Summary

Several security issues were fixed in rsync.

Software Description:

- rsync: fast, versatile, remote (and local) file-copying tool

Details:

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841)

It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9842)

It was discovered that rsync incorrectly handled vectors involving big-endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-9843)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  rsync                           3.1.2-2.1ubuntu1.1

Ubuntu 16.04 LTS:
  rsync                           3.1.1-3ubuntu1.3

In general, a standard system update will make all the necessary changes.
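
A fleet check against the fixed versions listed above, as an added example that is not part of the advisory: it reimplements Debian version ordering in Python, so it runs on an exported package inventory without dpkg, and classifies each host. The host names, the sample inventory and all function names are assumptions made for illustration.

```python
import re
from itertools import zip_longest

# Fixed rsync versions, copied from the advisory text (USN-4292-1).
FIXED = {"18.04": "3.1.2-2.1ubuntu1.1", "16.04": "3.1.1-3ubuntu1.3"}
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # (non-digit run, digit run) pairs

def _order(c):
    # dpkg ranking: '~' < end of run (0) < letters < other punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(text, digits):
    # The trailing 0 stands for "end of run", so '~' sorts before it.
    return [_order(c) for c in text] + [0], int(digits or 0)

def _cmp_part(a, b):
    pairs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for ka, kb in ((_key(*x), _key(*y)) for x, y in pairs):
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]: first ':' ends the epoch, last '-' starts the revision.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(a, b):
    # Negative if a < b, zero if equal, positive if a > b (Debian ordering).
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(inventory):
    # Returns {host: "vulnerable" | "patched" | "not-covered"}.
    out = {}
    for host, release, installed in inventory:
        fixed = FIXED.get(release)
        if fixed is None:
            out[host] = "not-covered"  # release not listed in this advisory
        else:
            out[host] = "vulnerable" if deb_compare(installed, fixed) < 0 else "patched"
    return out

# Constructed sample inventory: (host, Ubuntu release, installed rsync version).
INVENTORY = [("web01", "18.04", "3.1.2-2.1ubuntu1"), ("web02", "18.04", "3.1.2-2.1ubuntu1.1"),
             ("db01", "16.04", "3.1.1-3ubuntu1.2"), ("db02", "20.04", "3.1.3-8")]
```

Calling `audit(INVENTORY)` flags `web01` and `db01` as vulnerable. A plain string comparison would misorder versions such as `1.10` and `1.9` or suffixes beginning with `~`, which is why the comparison follows the dpkg rules.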

References

https://ubuntu.com/security/notices/USN-4292-1

CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843

February 25, 2020

Package Information
