MGASA-2020-0108

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0108.html

Import Source

https://advisories.mageia.org/MGASA-2020-0108.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0108

Related

Published

2020-02-29T13:42:35Z

Modified

2020-02-29T13:20:44Z

Summary

Updated rsync packages fix security vulnerabilities

Details

Updated rsync packages fix security vulnerabilities:

It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840, CVE-2016-9841)

It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9842).

It was discovered that rsync incorrectly handled vectors involving big- endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9843).

Please note, we now compile against system zlib. If rsync fails to sync with older remote systems using compression (-z), you have either update the remote host to a newer version or disable compression.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / rsync

Package

Name: rsync
Purl: pkg:rpm/mageia/rsync?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-4.mga7

Ecosystem specific

{
    "section": "core"
}