Lucene search

Gentoo FoundationMGASA-2015-0065

HistoryFeb 15, 2015 - 6:57 p.m.

Updated rsync package fixes security vulnerability

2015-02-1518:57:20

Gentoo Foundation

advisories.mageia.org

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.047 Low

EPSS

Percentile

92.6%

JSON

Updated rsync package fixes security vulnerability: Ryan Finnie discovered that rsync 3.1.0 contains a denial of service issue when attempting to authenticate using a nonexistent username. A remote attacker could use this flaw to cause a denial of service via CPU consumption (CVE-2014-2855). The previous update for this issue in MGASA-2014-0179 failed to properly apply the needed patch, so the package has been rebuilt to address this issue.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchrsync< 3.1.0-4.3rsync-3.1.0-4.3.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	rsync	< 3.1.0-4.3	rsync-3.1.0-4.3.mga4

References

advisories.mageia.org/MGASA-2014-0179.html

openwall.com/lists/oss-security/2014/04/15/1

bugs.mageia.org/show_bug.cgi?id=13214

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.047 Low

EPSS

Percentile

92.6%

JSON

Related for MGASA-2015-0065