
=====================================================================

                                  CERT-Renater

                      Information Note No. 2022/VULN305

_____________________________________________________________________

DATE                : 31/08/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running rsync versions prior to 3.2.5.

=====================================================================
https://rsync.samba.org/security.html
_____________________________________________________________________

Improved file-list validation in 3.2.5
August 14th, 2022

If you are running an rsync older than 3.2.5 and pulling files from an
untrusted server, upgrade to 3.2.5 to get some added file-list
validation rules that should prevent the sender from sneaking in extra
top-level arguments and/or including files/dirs that should have been
filtered out by the client's filter rules. Fixes CVE-2022-29154.


Zlib memory corruption bug in rsync 2.6.6 - 3.2.4
August 14th, 2022

If your rsync is configured to use the bundled zlib, you should upgrade
to 3.2.5, which contains the official zlib fix for a buffer overrun bug
that was detailed in CVE-2022-37434. While you're at it, be sure to
update your system's zlib.
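
A version check for the two notices above, as an added example (not part of
the advisory or of rsync). The function names are hypothetical; the version
ranges are the ones stated in this note.

```shell
#!/bin/sh
# Added example: classify an rsync version against the ranges in this note.
# Caveats: CVE-2022-37434 only matters when rsync uses its bundled zlib, and
# a distribution package may carry backported fixes under an older version
# string, so confirm a hit against the vendor's own advisory.

# Extract the version token from the first line of `rsync --version`,
# e.g. "rsync  version 3.2.3  protocol version 31" (some builds print "v3.2.3").
rsync_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^rsync  *version  *v\{0,1\}\([0-9][^ ]*\).*/\1/p'
}

# Map X.Y.Z to a comparable integer. A suffix such as "pre1" sorts just
# below the release it precedes, so 3.2.5pre1 is not treated as 3.2.5.
ver_to_int() {
    full=$1
    num=${full%%[!0-9.]*}
    old_ifs=$IFS; IFS=.; set -- $num; IFS=$old_ifs
    n=$(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
    if [ "$full" != "$num" ]; then n=$(( n - 1 )); fi
    echo "$n"
}

# Print the CVE ids from this note whose version range covers $1,
# "none" if 3.2.5 or later, "unknown" if the version could not be parsed.
classify_rsync() {
    v=$(ver_to_int "$1")
    if [ "$v" -le 0 ]; then echo "unknown"; return 0; fi
    out=""
    if [ "$v" -lt 30205 ]; then out="CVE-2022-29154"; fi   # older than 3.2.5
    if [ "$v" -ge 20606 ] && [ "$v" -le 30204 ]; then      # 2.6.6 - 3.2.4
        out="$out CVE-2022-37434"
    fi
    echo "${out:-none}"
}

# Report on the locally installed rsync, if there is one.
if command -v rsync >/dev/null 2>&1; then
    banner=$(rsync --version 2>/dev/null | head -n 1)
    ver=$(rsync_version_from_banner "$banner")
    echo "rsync ${ver:-?}: $(classify_rsync "$ver")"
fi
```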


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

