Description
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a use-after-free on the receiver. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable; non-Linux platforms are more widely vulnerable.
Mitigation
Minimal update: upgrade the rsync package to the fixed version listed for your distribution below. Any update may introduce new vulnerabilities or breaking changes.
| Distribution | Affected versions | Fixed version |
|---|---|---|
| debian 11 | 3.2.3-4, 3.2.3-4+deb11u1, 3.2.3-4+deb11u2, 3.2.3-4+deb11u3, 3.2.3-4+deb11u4, 3.2.3-5, 3.2.3-6, 3.2.3-7, 3.2.3-8, 3.2.4-1, 3.2.4-1~bpo11+1, 3.2.5-1, 3.2.6-1, 3.2.6-2, 3.2.6-3, 3.2.6-4, 3.2.7-1, 3.2.7-1~bpo11+1, 3.3.0+ds1-1, 3.3.0+ds1-2, 3.3.0+ds1-3, 3.3.0+ds1-4, 3.3.0-1, 3.4.1+ds1-1, 3.4.1+ds1-2, 3.4.1+ds1-3, 3.4.1+ds1-4, 3.4.1+ds1-4~exp1, 3.4.1+ds1-4~exp2, 3.4.1+ds1-5, 3.4.1+ds1-5~exp1, 3.4.1+ds1-6, 3.4.1+ds1-7, 3.4.1+ds1-8~exp1, 3.4.2+ds1-1, 3.4.2+ds1-2, 3.4.3+ds1-1, 3.4.3+ds1-2 | - |
| rpm rhel7 | - | - |
| alpine v3.21 | | 3.4.1-r2 |
| alpine v3.23 | | 3.4.1-r2 |
| rpm rhel10 | | 0:3.4.1-6.el10_2 |
| debian 12 | 3.2.7-1, 3.2.7-1+deb12u1, 3.2.7-1+deb12u2, 3.2.7-1+deb12u3, 3.2.7-1+deb12u4, 3.2.7-1+deb12u5, 3.3.0+ds1-1, 3.3.0+ds1-2, 3.3.0+ds1-3, 3.3.0+ds1-4, 3.3.0-1, 3.4.1+ds1-1, 3.4.1+ds1-2, 3.4.1+ds1-3, 3.4.1+ds1-4, 3.4.1+ds1-4~exp1, 3.4.1+ds1-4~exp2, 3.4.1+ds1-5, 3.4.1+ds1-5~exp1, 3.4.1+ds1-6, 3.4.1+ds1-7, 3.4.1+ds1-8~exp1, 3.4.2+ds1-1, 3.4.2+ds1-2, 3.4.3+ds1-1, 3.4.3+ds1-2 | - |
| debian 13 | 3.4.1+ds1-5, 3.4.1+ds1-5+deb13u1, >=0 <3.4.1+ds1-5+deb13u2 | 3.4.1+ds1-5+deb13u2 |
| debian 14 | 3.4.1+ds1-5, 3.4.1+ds1-6, 3.4.1+ds1-7, 3.4.1+ds1-8~exp1, >=0 <3.4.2+ds1-1 | 3.4.2+ds1-1 |
| rpm rhel6 | - | - |
| rpm rhel8 | | 0:3.1.3-25.el8_10 |
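As an added triage helper (not part of this advisory and not rsync's own code), the Python below parses an `rsync --version` banner, checks it against the upstream range stated in the description (3.0.1 through 3.4.1), and checks whether an rsync command line enables -X/--xattrs, the precondition the description names. The banner and command lines are constructed samples. A distribution package that backports the fix (the table lists 0:3.1.3-25.el8_10 as fixed on rhel8) still reports an upstream version inside the range, so the upstream check over-reports and the package-level fixed versions in the table are authoritative.

```python
import re

# Upstream affected range, taken from the advisory text: 3.0.1 through 3.4.1 inclusive.
AFFECTED_MIN = (3, 0, 1)
AFFECTED_MAX = (3, 4, 1)


def parse_rsync_version(banner: str):
    """Extract the upstream version tuple from the first line of `rsync --version`.

    The banner looks like 'rsync  version 3.2.7  protocol version 31'.
    Returns None if no dotted version is found.
    """
    m = re.search(r"rsync\s+version\s+v?(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def upstream_in_affected_range(version) -> bool:
    """True if the upstream version falls inside 3.0.1..3.4.1.

    Caveat: distro packages may backport the fix while keeping an upstream
    version in this range (e.g. 0:3.1.3-25.el8_10 in the table above), so a
    True result means 'check the package version', not 'vulnerable'.
    """
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def uses_xattrs(argv) -> bool:
    """True if an rsync command line requests extended attributes (-X / --xattrs).

    -X may be bundled in a short-option cluster such as -aX or -avzX. A bare
    '--' ends option parsing, so later tokens are paths, not options. This is
    a heuristic: it does not model options that consume a following argument.
    """
    for arg in argv[1:]:
        if arg == "--":
            return False
        if arg == "--xattrs":
            return True
        if arg.startswith("-") and not arg.startswith("--") and "X" in arg[1:]:
            return True
    return False


def triage(banner: str, argv) -> str:
    """Combine both checks into one of: 'unknown', 'not-affected-upstream',
    'affected-but-xattrs-unused', 'affected' (pending the distro table check)."""
    version = parse_rsync_version(banner)
    if version is None:
        return "unknown"
    if not upstream_in_affected_range(version):
        return "not-affected-upstream"
    if not uses_xattrs(argv):
        return "affected-but-xattrs-unused"
    return "affected"
```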