USN-5573-1: rsync vulnerability

Releases

• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• rsync - fast, versatile, remote (and local) file-copying tool

Details

Evgeny Legerov discovered that zlib incorrectly handled memory when
performing certain inflate operations. An attacker could use this issue
to cause rsync to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04

• rsync - 3.1.3-8ubuntu0.4

Ubuntu 18.04

• rsync - 3.1.2-2.1ubuntu1.5

Ubuntu 16.04

• rsync - 3.1.1-3ubuntu1.3+esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

• CVE-2022-37434

Related notices

• USN-5570-1: lib64z1, zlib1g, lib32z1, lib64z1-dev, zlib, zlib-bin, lib32z1-dev, libx32z1, zlib1g-dev, libx32z1-dev
• USN-5570-2: lib64z1, zlib1g, lib32z1, lib64z1-dev, zlib, lib32z1-dev, libx32z1, zlib1g-dev, libx32z1-dev
• USN-6736-1: klibc-utils, libklibc, libklibc-dev, klibc
• USN-6736-2: klibc-utils, libklibc, libklibc-dev, klibc