Debian Security Advisory

DSA-4068-1 rsync -- security update

Date Reported:
17 Dec 2017
Affected Packages:
rsync
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 880954, Bug 883665, Bug 883667.
In Mitre's CVE dictionary: CVE-2017-16548, CVE-2017-17433, CVE-2017-17434.
More information:

Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, allowing a remote attacker to bypass intended access restrictions or cause a denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 3.1.1-3+deb8u1.

For the stable distribution (stretch), these problems have been fixed in version 3.1.2-1+deb9u1.

We recommend that you upgrade your rsync packages.

For the detailed security status of rsync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsync