USN-5359-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-5359-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5359-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-5359-1

Related

Published

2022-03-31T12:44:59.245296Z

Modified

2022-03-31T12:44:59.245296Z

Summary

rsync vulnerability

Details

Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code.

References

Affected packages

Ubuntu:18.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.4?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1ubuntu1.4

Affected versions

3.*

3.1.2-2

3.1.2-2.1

3.1.2-2.1ubuntu1

3.1.2-2.1ubuntu1.1

3.1.2-2.1ubuntu1.2

3.1.2-2.1ubuntu1.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.2-2.1ubuntu1.4"
        }
    ],
    "availability": "No subscription required"
}

Ubuntu:20.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-8ubuntu0.3

Affected versions

3.*

3.1.3-6

3.1.3-8

3.1.3-8ubuntu0.1

3.1.3-8ubuntu0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "rsync",
            "binary_version": "3.1.3-8ubuntu0.3"
        },
        {
            "binary_name": "rsync-dbgsym",
            "binary_version": "3.1.3-8ubuntu0.3"
        }
    ],
    "availability": "No subscription required"
}