{"affected":[{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 
SP3","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"rsync":"3.1.0-13.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"rsync","purl":"pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.0-13.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rsync fixes several issues.\n\nThese security issues were fixed:\n\n- CVE-2017-17434: The daemon in rsync did not check for fnamecmp filenames in\n  the daemon_filter_list data structure (in the recv_files function in\n  receiver.c) and also did not apply the sanitize_paths protection mechanism to\n  pathnames found in 'xname follows' strings (in the read_ndx_and_attrs function\n  in rsync.c), which allowed remote attackers to bypass intended access\n  restrictions (bsc#1071460).\n- CVE-2017-17433: The recv_files function in receiver.c in the daemon in rsync\n  proceeded with certain file metadata updates before checking for a filename in\n  the daemon_filter_list data structure, which allowed remote attackers to bypass\n  intended access restrictions (bsc#1071459).\n- CVE-2017-16548: The receive_xattr function in xattrs.c in rsync did not check\n  for a trailing '\\\\0' character in an xattr name, which allowed remote attackers\n  to cause a denial of service (heap-based buffer over-read and application\n  crash) or possibly have unspecified other impact by sending crafted data to the\n  daemon (bsc#1066644).\n\nThese non-security issues were fixed:\n\n- Stop file upload after errors like a full disk (bsc#1062063)\n- Ensure -X flag works even when setting owner/group 
(bsc#1028842)\n","id":"SUSE-SU-2018:0118-1","modified":"2018-01-17T07:31:45Z","published":"2018-01-17T07:31:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180118-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1028842"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062063"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066644"},{"type":"REPORT","url":"https://bugzilla.suse.com/1071459"},{"type":"REPORT","url":"https://bugzilla.suse.com/1071460"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17433"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17434"}],"related":["CVE-2017-16548","CVE-2017-17433","CVE-2017-17434"],"summary":"Security update for rsync","upstream":["CVE-2017-16548","CVE-2017-17433","CVE-2017-17434"]}