SUSE-SU-2016:0176-1

Details

This update for rsync fixes two security issues:

CVE-2014-8242: Checksum collisions leading to a denial of service (bsc#900914)
CVE-2014-9512: Malicious servers could send files outside of the transferred directory (bsc#915410)

Affected Packages

rsync

SUSE Linux Enterprise Desktop 11 SP3SUSE Linux Enterprise Desktop 11 SP4SUSE Linux Enterprise Server 11 SP3SUSE Linux Enterprise Server 11 SP3-TERADATASUSE Linux Enterprise Server 11 SP4

Fixed in:

3.0.4-2.49.1

References

REPORT

https://bugzilla.suse.com/900914

REPORT

https://bugzilla.suse.com/915410

WEB

https://www.suse.com/security/cve/CVE-2014-8242

WEB

https://www.suse.com/security/cve/CVE-2014-9512

ADVISORY

https://www.suse.com/support/update/announcement/2016/suse-su-20160176-1/