drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in rsync
Name: |
Zwei Probleme in rsync |
|
ID: |
201605-04 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mo, 30. Mai 2016, 22:58 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8242
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9512 |
|
Applikationen: |
rsync |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wmfoUN9H7BVcnXbfWpgclnCPbGkBOxnoc Content-Type: multipart/mixed; boundary="kRPa5QjxXxlMPVIuWPF7C6bac6r9XNKTL" From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <562ad1fb-be32-5008-9274-2440f5e637a5@gentoo.org> Subject: [ GLSA 201605-04 ] rsync: Multiple vulnerabilities
--kRPa5QjxXxlMPVIuWPF7C6bac6r9XNKTL Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201605-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: rsync: Multiple vulnerabilities Date: May 30, 2016 Bugs: #519108, #540000, #569140 ID: 201605-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in rsync, the worst of which could allow remote attackers to write arbitrary files.
Background ==========
File transfer program to keep remote files into sync.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/rsync < 3.1.2 >= 3.1.2
Description ===========
Multiple vulnerabilities have been discovered in rsync. Please review the CVE identifiers referenced below for details.
Impact ======
Remote attackers could write arbitrary files via symlink attacks.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All rsync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.2"
References ==========
[ 1 ] CVE-2014-8242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8242 [ 2 ] CVE-2014-9512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9512
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201605-04
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--kRPa5QjxXxlMPVIuWPF7C6bac6r9XNKTL--
--wmfoUN9H7BVcnXbfWpgclnCPbGkBOxnoc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJXTJwPAAoJEDkRiObnjK1yF70IAIbeOT/yPmo0xEsi9lf6z7yZ 2BfJN6mBi96W680ljjX6pJeDltPpRe3fAn6IF3m/+sYoQotFj7IT6YDXkd6Rnr/l 3pMWPt9gGF5gBXoMpid7uq6/QKBCXxQd7x5bP0c46GgP1qx0XE+be0UfCoykTUzG RLhwTS2Tx28O0lsOZHmLHs1LeFXXkybp7K9/3eH2V+7IKHzwXbR4HyndjezU+4Ph TcB9uCaQIinHJh8ua5URndmZDUpem32aa6pNiuhVEe3HnuwWAvZCn0ozxuAyF+Ia 0T4ZANu5PaWmAraYkJvgqnBqaAC5r8C3RYNZirPNVFB65yPuKbusFFhnuLY8n5g= =T0CD -----END PGP SIGNATURE-----
--wmfoUN9H7BVcnXbfWpgclnCPbGkBOxnoc--
|
|
|
|