Packages
- rsync - fast, versatile, remote (and local) file-copying tool
Details
It was discovered that rsync proceeds with certain file metadata updates
before checking for a filename. An attacker could use this to bypass access
restrictions. (CVE-2017-17433)
It was discovered that rsync does not check for fnamecmp filenames and also
does not apply the sanitize_paths protection mechanism to pathnames. An attacker
could use this to bypass access restrictions. (CVE-2017-17434)
It was discovered that rsync proceeds with certain file metadata updates
before checking for a filename. An attacker could use this to bypass access
restrictions. (CVE-2017-17433)
It was discovered that rsync does not check for fnamecmp filenames and also
does not apply the sanitize_paths protection mechanism to pathnames. An attacker
could use this to bypass access restrictions. (CVE-2017-17434)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version | ||
---|---|---|---|
17.10 artful | rsync – 3.1.2-2ubuntu0.1 | ||
17.04 zesty | rsync – 3.1.2-1ubuntu0.1 | ||
16.04 xenial | rsync – 3.1.1-3ubuntu1.1 | ||
14.04 trusty | rsync – 3.1.0-2ubuntu0.3 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.