rsync-3.1.3-14.el8.3
Errata ID: AXSA:2022-3734:04
Release date:
2022/08/25 Thursday - 01:09
Title:
rsync-3.1.3-14.el8.3
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
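The following issues have been addressed.
[Security Fix]
- rsync has an issue where the client does not sufficiently validate
file names, resulting in a vulnerability that allows a remote attacker
to write arbitrary files. (CVE-2022-29154)
Solution:
Update the package.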
CVE:
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
Additional information:
N/A
Download:
SRPMS
- rsync-3.1.3-14.el8.3.src.rpm
MD5: eb058511daa4c1c8a01c9d410475b3c4
SHA-256: 4b465ff5630d2b68a7d21eb0b17c002e172bfc1432f70d58b2e6003cd4067f7c
Size: 1.09 MB
Asianux Server 8 for x86_64
- rsync-3.1.3-14.el8.3.x86_64.rpm
MD5: 9f9c4d24365f78f9d451ad4efcee4a01
SHA-256: d49c9a6fec0eb94dc5e981e5ac1d830a373e91d218dc2cb130e8f6fb83af4150
Size: 408.32 kB
- rsync-daemon-3.1.3-14.el8.3.noarch.rpm
MD5: 69ea76179ad58e80b2e67488f576ccce
SHA-256: ffa7b11e101c42224f8dbad22343d5fdfd5f0e1d99ca0f9839c80102c14a3339
Size: 42.81 kB