Debian Security Advisory
DSA-4068-1 rsync -- security update
- Date Reported:
- 17 Dec 2017
- Affected Packages:
- rsync
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 880954, Bug 883665, Bug 883667.
In Mitre's CVE dictionary: CVE-2017-16548, CVE-2017-17433, CVE-2017-17434. - More information:
-
Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.
For the oldstable distribution (jessie), these problems have been fixed in version 3.1.1-3+deb8u1.
For the stable distribution (stretch), these problems have been fixed in version 3.1.2-1+deb9u1.
We recommend that you upgrade your rsync packages.
For the detailed security status of rsync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsync