(RHSA-2004:436) rsync security update

2004-09-0100:00:00

access.redhat.com

0.006 Low

EPSS

Percentile

78.0%

JSON

The rsync program synchronizes files over a network.

Versions of rsync up to and including version 2.6.2 contain a path
sanitization issue. This issue could allow an attacker to read or write
files outside of the rsync directory. This vulnerability is only
exploitable when an rsync server is enabled and is not running within a
chroot. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0792 to this issue.

Users of rsync are advised to upgrade to this updated package, which
contains a backported patch and is not affected by this issue.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386rsync< 2.5.7-5.3Ersync-2.5.7-5.3E.i386.rpm
RedHatanys390xrsync< 2.5.7-5.3Ersync-2.5.7-5.3E.s390x.rpm
RedHatanyia64rsync< 2.5.7-5.3Ersync-2.5.7-5.3E.ia64.rpm
RedHatanyia64rsync< 2.5.7-3.21AS.1rsync-2.5.7-3.21AS.1.ia64.rpm
RedHatanyi386rsync< 2.5.7-3.21AS.1rsync-2.5.7-3.21AS.1.i386.rpm
RedHatanyppcrsync< 2.5.7-5.3Ersync-2.5.7-5.3E.ppc.rpm
RedHatanyppc64rsync< 2.5.7-5.3Ersync-2.5.7-5.3E.ppc64.rpm
RedHatanyx86_64rsync< 2.5.7-5.3Ersync-2.5.7-5.3E.x86_64.rpm
RedHatanys390rsync< 2.5.7-5.3Ersync-2.5.7-5.3E.s390.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.i386.rpm
RedHat	any	s390x	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.s390x.rpm
RedHat	any	ia64	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.ia64.rpm
RedHat	any	ia64	rsync	< 2.5.7-3.21AS.1	rsync-2.5.7-3.21AS.1.ia64.rpm
RedHat	any	i386	rsync	< 2.5.7-3.21AS.1	rsync-2.5.7-3.21AS.1.i386.rpm
RedHat	any	ppc	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.ppc.rpm
RedHat	any	ppc64	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.ppc64.rpm
RedHat	any	x86_64	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.x86_64.rpm
RedHat	any	s390	rsync	< 2.5.7-5.3E	rsync-2.5.7-5.3E.s390.rpm

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for RHSA-2004:436