SUSE-RU-2023:3370-1

Details

This update for rsync fixes the following issues:

Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146)
Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145)
Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service).
Fix --delay-updates never updates after interruption (bsc#1204538)
Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154)
rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387)

Affected Packages

rsync

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

Fixed in:

3.2.3-150000.4.23.2

References

REPORT

https://bugzilla.suse.com/1176160

REPORT

https://bugzilla.suse.com/1201840

REPORT

https://bugzilla.suse.com/1204538

WEB

https://www.suse.com/security/cve/CVE-2020-14387

WEB

https://www.suse.com/security/cve/CVE-2022-29154

ADVISORY

https://www.suse.com/support/update/announcement/-2023-3370/suse-ru-20233370-1/