Overview

File _patchinfo of Package patchinfo.28338

<patchinfo incident="28338">
  <issue tracker="jsc" id="PED-3146"/>
  <issue tracker="jsc" id="PED-3145"/>
  <issue tracker="bnc" id="1204538">rsync --delay-updates never updates after interruption</issue>
  <issue tracker="bnc" id="1201840">VUL-0: CVE-2022-29154: rsync: arbitrary file write vulnerability via do_server_recv function</issue>
  <issue tracker="bnc" id="1176160">VUL-0: CVE-2020-14387: rsync:  rsync-ssl does not verify the hostname in the server certificate when using openssl</issue>
  <issue tracker="cve" id="2022-29154"/>
  <issue tracker="cve" id="2020-14387"/>
  <issue tracker="jsc" id="SLE-21252"/>
  <packager>david.anes</packager>
  <rating>moderate</rating>
  <category>recommended</category>
  <summary>Recommended update for rsync</summary>
  <description>This update for rsync fixes the following issues:

- Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146)
- Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145)
- Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service).
- Fix --delay-updates never updates after interruption (bsc#1204538)
- Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154)
- rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387)

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places