Red Hat Product Errata RHSA-2022:7793 - Security Advisory
Issued:
2022-11-08
Updated:
2022-11-08

RHSA-2022:7793 - Security Advisory

Synopsis

Moderate: rsync security and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rsync is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

  • zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2043753 - [RFE] Improve defaults for sparse file buffering.
  • BZ - 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field

Red Hat Enterprise Linux for x86_64 8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
x86_64
rsync-3.1.3-19.el8.x86_64.rpm SHA-256: b98d3da6964a7640870f11be846ade2efe51cb1eedc38cc6ae31fe90b1c61123
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.x86_64.rpm SHA-256: f535d12f7ed6647fa746d5731563b3bccece8590712538318165f3dfdd6b74af
rsync-debugsource-3.1.3-19.el8.x86_64.rpm SHA-256: d1c87255a24493d3e8db7da48fda33e29f2497c6a00b749fb0e3ec5b5cbfb3c0

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
x86_64
rsync-3.1.3-19.el8.x86_64.rpm SHA-256: b98d3da6964a7640870f11be846ade2efe51cb1eedc38cc6ae31fe90b1c61123
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.x86_64.rpm SHA-256: f535d12f7ed6647fa746d5731563b3bccece8590712538318165f3dfdd6b74af
rsync-debugsource-3.1.3-19.el8.x86_64.rpm SHA-256: d1c87255a24493d3e8db7da48fda33e29f2497c6a00b749fb0e3ec5b5cbfb3c0

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
x86_64
rsync-3.1.3-19.el8.x86_64.rpm SHA-256: b98d3da6964a7640870f11be846ade2efe51cb1eedc38cc6ae31fe90b1c61123
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.x86_64.rpm SHA-256: f535d12f7ed6647fa746d5731563b3bccece8590712538318165f3dfdd6b74af
rsync-debugsource-3.1.3-19.el8.x86_64.rpm SHA-256: d1c87255a24493d3e8db7da48fda33e29f2497c6a00b749fb0e3ec5b5cbfb3c0

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
s390x
rsync-3.1.3-19.el8.s390x.rpm SHA-256: c881c651bb369df57cf1d84214765b5fd7ec8f5ff0626f6c82e722ad529baa47
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.s390x.rpm SHA-256: f78d36aee0dccf08eb6b9c82bb4210075de51e195cc73638b9eef1ed7da8a287
rsync-debugsource-3.1.3-19.el8.s390x.rpm SHA-256: b01f27f553a7e37dc08e94d945360b794f5d8ce8334040d9463c45334a13d3e2

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
s390x
rsync-3.1.3-19.el8.s390x.rpm SHA-256: c881c651bb369df57cf1d84214765b5fd7ec8f5ff0626f6c82e722ad529baa47
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.s390x.rpm SHA-256: f78d36aee0dccf08eb6b9c82bb4210075de51e195cc73638b9eef1ed7da8a287
rsync-debugsource-3.1.3-19.el8.s390x.rpm SHA-256: b01f27f553a7e37dc08e94d945360b794f5d8ce8334040d9463c45334a13d3e2

Red Hat Enterprise Linux for Power, little endian 8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
ppc64le
rsync-3.1.3-19.el8.ppc64le.rpm SHA-256: 1082715b09ddfaac813a7e8bc6edb5d5ad4456710ae71cd52785cf4ca69fbf39
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.ppc64le.rpm SHA-256: 89fa1501de54b6407f29675d829a9ad53206ada4de5d59eb53940d5dd61e39f9
rsync-debugsource-3.1.3-19.el8.ppc64le.rpm SHA-256: b4341b26a4405079492f06a92e650bc01d1b5237ac9143ee615ef5265959c043

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
ppc64le
rsync-3.1.3-19.el8.ppc64le.rpm SHA-256: 1082715b09ddfaac813a7e8bc6edb5d5ad4456710ae71cd52785cf4ca69fbf39
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.ppc64le.rpm SHA-256: 89fa1501de54b6407f29675d829a9ad53206ada4de5d59eb53940d5dd61e39f9
rsync-debugsource-3.1.3-19.el8.ppc64le.rpm SHA-256: b4341b26a4405079492f06a92e650bc01d1b5237ac9143ee615ef5265959c043

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
x86_64
rsync-3.1.3-19.el8.x86_64.rpm SHA-256: b98d3da6964a7640870f11be846ade2efe51cb1eedc38cc6ae31fe90b1c61123
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.x86_64.rpm SHA-256: f535d12f7ed6647fa746d5731563b3bccece8590712538318165f3dfdd6b74af
rsync-debugsource-3.1.3-19.el8.x86_64.rpm SHA-256: d1c87255a24493d3e8db7da48fda33e29f2497c6a00b749fb0e3ec5b5cbfb3c0

Red Hat Enterprise Linux for ARM 64 8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
aarch64
rsync-3.1.3-19.el8.aarch64.rpm SHA-256: 49d5c0d370e3a87146f5d97abc4172db8aa60bbbd91bbbf3a367ccfe74f56c37
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.aarch64.rpm SHA-256: b7dbec265b6853ccb67f4026235a97732e6984a0387f13c90a754a9f343d27ad
rsync-debugsource-3.1.3-19.el8.aarch64.rpm SHA-256: 4ffe4d910de3843b666f5a5362d437688ceaa8d2563898a035fc2c4514e45c3b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
aarch64
rsync-3.1.3-19.el8.aarch64.rpm SHA-256: 49d5c0d370e3a87146f5d97abc4172db8aa60bbbd91bbbf3a367ccfe74f56c37
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.aarch64.rpm SHA-256: b7dbec265b6853ccb67f4026235a97732e6984a0387f13c90a754a9f343d27ad
rsync-debugsource-3.1.3-19.el8.aarch64.rpm SHA-256: 4ffe4d910de3843b666f5a5362d437688ceaa8d2563898a035fc2c4514e45c3b

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
ppc64le
rsync-3.1.3-19.el8.ppc64le.rpm SHA-256: 1082715b09ddfaac813a7e8bc6edb5d5ad4456710ae71cd52785cf4ca69fbf39
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.ppc64le.rpm SHA-256: 89fa1501de54b6407f29675d829a9ad53206ada4de5d59eb53940d5dd61e39f9
rsync-debugsource-3.1.3-19.el8.ppc64le.rpm SHA-256: b4341b26a4405079492f06a92e650bc01d1b5237ac9143ee615ef5265959c043

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
rsync-3.1.3-19.el8.src.rpm SHA-256: b6b4d27d0b189df08f67887dd54363e84f4027f74b2875e02db1738f167759ae
x86_64
rsync-3.1.3-19.el8.x86_64.rpm SHA-256: b98d3da6964a7640870f11be846ade2efe51cb1eedc38cc6ae31fe90b1c61123
rsync-daemon-3.1.3-19.el8.noarch.rpm SHA-256: 29d7fe0a389c1544828376cccb6520ecfe8cb0dcda48e96219f0f650842a86af
rsync-debuginfo-3.1.3-19.el8.x86_64.rpm SHA-256: f535d12f7ed6647fa746d5731563b3bccece8590712538318165f3dfdd6b74af
rsync-debugsource-3.1.3-19.el8.x86_64.rpm SHA-256: d1c87255a24493d3e8db7da48fda33e29f2497c6a00b749fb0e3ec5b5cbfb3c0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.