rsync-3.1.2-11.el7
Errata ID: AXSA:2022-3735:05
The rsync utility enables users to copy and synchronize files locally or
across a network. Synchronization with rsync is fast because rsync only sends
the differences in files over the network instead of sending whole files. The
rsync utility is also used as a mirroring tool.
Security Fix(es):
* rsync: remote arbitrary files write inside the directories of connecting
peers (CVE-2022-29154)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote
servers to write arbitrary files inside the directories of connecting peers. The
server chooses which files/directories are sent to the client. However, the
rsync client performs insufficient validation of file names. A malicious rsync
server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the
rsync client target directory and subdirectories (for example, overwrite the
.ssh/authorized_keys file).
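As an added illustration (not rsync's code and not part of this advisory), the sketch below shows the kind of client-side check the description says was insufficient: refusing file-list entries the client never requested. The function names, the sample lists and the simplified matching model (an entry's first path component must match the last component of a requested source argument; rsync's trailing-slash semantics are not modelled) are assumptions.

```python
import posixpath
from fnmatch import fnmatchcase


def is_safe_relative(name):
    """True if name is a relative path with no empty, '.' or '..' components."""
    if not name or name.startswith("/") or "\0" in name:
        return False
    return all(part not in ("", ".", "..") for part in name.split("/"))


def unrequested_entries(requested, received, recursive=True):
    """Return (name, reason) for each server-supplied name the client should refuse.

    requested: source arguments the client asked for (may contain wildcards).
    received:  relative names from the sender's file list (hypothetical model).
    """
    # Top-level names the client actually asked for.
    wanted = [posixpath.basename(arg.rstrip("/")) for arg in requested]
    rejected = []
    for name in received:
        if not is_safe_relative(name):
            rejected.append((name, "unsafe path"))
            continue
        top, _, rest = name.partition("/")
        if not any(fnmatchcase(top, pattern) for pattern in wanted):
            rejected.append((name, "top-level name not requested"))
        elif rest and not recursive:
            rejected.append((name, "nested entry in non-recursive transfer"))
    return rejected


# Constructed sample: the client asked for one directory and some log files,
# but the sender's list also carries names outside that request.
REQUESTED = ["pub/docs", "pub/*.log"]
RECEIVED = [
    "docs",
    "docs/index.html",
    "app.log",
    ".ssh",
    ".ssh/authorized_keys",
    "/etc/motd",
]

if __name__ == "__main__":
    for name, reason in unrequested_entries(REQUESTED, RECEIVED):
        print(f"refuse {name!r}: {reason}")
```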
Update packages.
SRPMS
- rsync-3.1.2-11.el7.src.rpm
MD5: 40424045ba300743ed17c08ac62f36e0
SHA-256: 4a2bdd7d641669845c7a654943c279dc1a89fb6dbc4d24b2d5170e5c98323aa2
Size: 1.06 MB
Asianux Server 7 for x86_64
- rsync-3.1.2-11.el7.x86_64.rpm
MD5: 530bfa0b1bb6b9e5d7087ee5c4737a4c
SHA-256: 898d49cbcc8a4b16a96604f1961802219e98fd3211bc5d711eb20dd6a2e13bd2
Size: 406.90 kB