This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.184.0
·
107 commits
to master
since this release
Notably, this release addresses:
USN-3543-1 Ubuntu Security Notice USN-3543-1:
- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
- CVE-2018-5764: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
USN-3540-2 Ubuntu Security Notice USN-3540-2:
- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2017-5754: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
-ii rsync 3.1.0-2ubuntu0.3 amd64 fast, versatile, remote (and local) file-copying tool
+ii rsync 3.1.0-2ubuntu0.4 amd64 fast, versatile, remote (and local) file-copying tool