Download
| Alert*
oval:org.secpod.oval:def:89043773
This update for rsync fixes several issues. These security issues were fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure and also did not apply the sanitize_paths protection mechanism to pathnames found in xname follows stri ... oval:org.secpod.oval:def:89002142 This update for rsync fixes the following issues: Security issues fixed: - CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in the daemon_filter_list data structure and also did not apply the sanitize_paths protection mechanism to pathnames found in quot;xname followsquot; s ... oval:org.secpod.oval:def:1000579 The remote host is missing a patch 152249-02 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1000527 The remote host is missing a patch 152248-02 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:1800162 CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon. oval:org.secpod.oval:def:1800776 CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon. oval:org.secpod.oval:def:52081 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:704198 rsync: fast, versatile, remote file-copying tool Several security issues were fixed in rsync. oval:org.secpod.oval:def:603214 Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. oval:org.secpod.oval:def:53210 Several vulnerabilities were discovered in rsync, a fast, versatile, remote file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service. oval:org.secpod.oval:def:1800354 CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon. oval:org.secpod.oval:def:1800665 CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing "\0" character in an xattr name, which allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending crafted data to the daemon. oval:org.secpod.oval:def:2103418 The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. |