Ubuntu 22.10, 22.04 LTS: 5921-1 Critical Rsync File Overwrite Issue
ubuntu
March 6, 2023
rsync could be made to overwrite files.
Summary
rsync could be made to overwrite files.
Software Description:
- rsync: fast, versatile, remote (and local) file-copying tool
Details:
Koen van Hove discovered that the rsync client incorrectly validated
filenames returned by servers. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could use this
issue to write arbitrary files, and possibly excalate privileges.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: rsync 3.2.7-0ubuntu0.22.10.1 Ubuntu 22.04 LTS: rsync 3.2.7-0ubuntu0.22.04.2 Ubuntu 20.04 LTS: rsync 3.1.3-8ubuntu0.5 Ubuntu 18.04 LTS: rsync 3.1.2-2.1ubuntu1.6 On Ubuntu 22.04 LTS and Ubuntu 22.10, this update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5921-1
CVE-2022-29154
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
March 06, 2023
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!