From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2F0D4138206 for ; Wed, 17 Jan 2018 02:23:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2A29FE07D3; Wed, 17 Jan 2018 02:23:53 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 07ED9E07D3 for ; Wed, 17 Jan 2018 02:23:52 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 525E4335C5B for ; Wed, 17 Jan 2018 02:23:51 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 5CDD91B9 for ; Wed, 17 Jan 2018 02:23:49 +0000 (UTC) From: "Mikle Kolyada" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mikle Kolyada" Message-ID: <1516155826.b90a90bed2629830e2ae17fee9d100637b3fce81.zlogene@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: / X-VCS-Repository: repo/gentoo X-VCS-Files: glsa-201801-16.xml X-VCS-Directories: / X-VCS-Committer: zlogene X-VCS-Committer-Name: Mikle Kolyada X-VCS-Revision: b90a90bed2629830e2ae17fee9d100637b3fce81 X-VCS-Branch: master Date: Wed, 17 Jan 2018 02:23:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: f568fc63-0c87-46b0-9144-1e931d1b4e72 X-Archives-Hash: 8b75323cc433ee932f726e91fa496aba commit: b90a90bed2629830e2ae17fee9d100637b3fce81 Author: Mikle Kolyada gentoo org> AuthorDate: Wed Jan 17 02:21:26 2018 +0000 Commit: Mikle Kolyada gentoo org> CommitDate: Wed Jan 17 02:23:46 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b90a90be Add GLSA 201801-16 glsa-201801-16.xml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/glsa-201801-16.xml b/glsa-201801-16.xml new file mode 100644 index 00000000000..200f2586ae1 --- /dev/null +++ b/glsa-201801-16.xml @@ -0,0 +1,52 @@ + + + + rsync: Multiple vulnerabilities + Multiple vulnerabilities have been found in rsync, the worst of + which could allow remote attackers to bypass access restrictions. + + rsync + 2018-01-17 + 2018-01-17 + 636714 + 640570 + remote + + + 3.1.2-r2 + 3.1.2-r2 + + + +

File transfer program to keep remote files into sync.

+ + +

Multiple vulnerabilities have been discovered in rsync. Please review + the CVE identifiers referenced below for details. +

+ + +

A remote attacker could bypass intended access restrictions or cause a + Denial of Service condition. +

+ + +

There is no known workaround at this time.

+ + +

All rsync users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.2-r2" + + + + + CVE-2017-16548 + CVE-2017-17433 + CVE-2017-17434 + + whissi + whissi +