CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
An update that fixes one vulnerability is now available.
Description:
This update for syncthing fixes the following issues:
Update to 1.15.0/1.15.1
* This release fixes a vulnerability where Syncthing and the relay
server can crash due to malformed relay protocol messages
(CVE-2021-21404); see GHSA-x462-89pf-6r5h. (boo#1184428)
* This release updates the CLI to use subcommands and adds the
subcommands cli (previously standalone stcli utility) and decrypt (for
offline verifying and decrypting encrypted folders).
* With this release we invite everyone to test the "untrusted
(encrypted) devices" feature. You should not use it yet on important
production data. Thus UI controls are hidden behind a feature flag.
For more information, visit:
https://forum.syncthing.net/t/testing-untrusted-encrypted-devices/16470
Update to 1.14.0
* This release adds configurable device and folder defaults.
* The output format of the /rest/db/browse endpoint has changed.
Update to 1.13.1:
* This release adds configuration options for min/max connections (see
https://docs.syncthing.net/advanced/option-connection-limits.html) and
moves the storage of pending devices/folders from the config to the
database (see
https://docs.syncthing.net/dev/rest.html#cluster-endpoints).
* Bugfixes
* Official builds of v1.13.0 come with the Tech Ui, which is impossible
to switch back from
Update to 1.12.1:
* Invalid names are allowed and "auto accepted" in folder root path on
Windows
* Sometimes indexes for some folders aren't sent after starting Syncthing
* [Untrusted] Remove Unexpected Items leaves things behind
* Wrong theme on selection
* Quic spamming address resolving
* Deleted locally changed items still shown as locally changed
* Allow specifying remote expected web UI port which would generate a
href somewhere
* Ignore fsync errors when saving ignore files
Update to 1.12.0
- The 1.12.0 release adds a new config REST API.
- The 1.11.0 release adds the sendFullIndexOnUpgrade option to control
whether all index data is resent when an upgrade is detected, equivalent
to starting Syncthing with --reset-deltas. This
(sendFullIndexOnUpgrade=true) used to be the behavior in previous
versions, but is mainly useful as a troubleshooting step and causes high
database churn. The new default is false.
Update to 1.10.0
Update to 1.9.0
Fix Leap build by requiring at least Go 1.14
Prevent the build system from downloading Go modules, which would require
an internet connection during the build
Update to 1.8.0
Update to 1.4.2:
Update to 1.4.1:
Enhancements:
Other issues:
Update to 1.4.0:
Change the Go build requirement to a more flexible “golang(API) >= 1.12”.
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update, use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-713=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Backports SLE | 15-SP2 | aarch64 | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.aarch64.rpm |
openSUSE Backports SLE | 15-SP2 | ppc64le | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm |
openSUSE Backports SLE | 15-SP2 | s390x | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.s390x.rpm |
openSUSE Backports SLE | 15-SP2 | x86_64 | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |