Upstream information

CVE-2011-1097 at MITRE

Description

rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.10
Vector AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 684387 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • rsync >= 3.1.0-2.7
Patchnames:
SUSE Linux Enterprise Desktop 12 GA rsync
SUSE Linux Enterprise Desktop 12 SP1
  • rsync >= 3.1.0-2.7
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA rsync
SUSE Linux Enterprise Desktop 12 SP2
  • rsync >= 3.1.0-12.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA rsync
SUSE Linux Enterprise Server 11 SP2
  • rsync >= 3.0.4-2.38.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA rsync
SUSE Linux Enterprise Server 11 SP3
  • rsync >= 3.0.4-2.47.28
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA rsync
SUSE Linux Enterprise Server 11 SP4
  • rsync >= 3.0.4-2.47.28
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA rsync
SUSE Linux Enterprise Server 12
  • rsync >= 3.1.0-2.7
Patchnames:
SUSE Linux Enterprise Server 12 GA rsync
SUSE Linux Enterprise Server 12 SP1
  • rsync >= 3.1.0-2.7
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA rsync
SUSE Linux Enterprise Server 12 SP2
  • rsync >= 3.1.0-12.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA rsync
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • rsync >= 3.1.0-12.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA rsync
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
  • rsync >= 3.0.4-2.36.2
sles11-sp1.x86
sles11-sp1.ia64
sles11-sp1.ppc
sled11-sp1.x86
sles11-sp1.x86-64
sles11-sp1.s390x
sles11-sp1-vmware.x86
sles11-sp1-vmware.x86-64
sled11-sp1.x86-64
SAT Patch Nr: 4300
openSUSE 11.2
  • rsync-debuginfo >= 3.0.6-3.5.1
  • rsync-debugsource >= 3.0.6-3.5.1
openSUSE 11.2
  • rsync >= 3.0.6-3.5.1
openSUSE 11.3
  • rsync-debuginfo >= 3.0.7-4.3.1
  • rsync-debugsource >= 3.0.7-4.3.1
openSUSE 11.3
  • rsync >= 3.0.7-4.3.1
openSUSE 11.4
  • rsync >= 3.0.7-8.9.1
openSUSE 11.4
  • rsync >= 3.0.7-8.9.1
  • rsync-debuginfo >= 3.0.7-8.9.1
  • rsync-debugsource >= 3.0.7-8.9.1
Patchnames:
rsync
openSUSE 13.2
  • rsync >= 3.1.1-2.1.2
Patchnames:
openSUSE 13.2 GA rsync
openSUSE Leap 42.1
  • rsync >= 3.1.0-4.1
Patchnames:
openSUSE Leap 42.1 GA rsync
openSUSE Leap 42.2
  • rsync >= 3.1.0-6.3
Patchnames:
openSUSE Leap 42.2 GA rsync
openSUSE Tumbleweed
  • rsync >= 3.1.2-1.5
Patchnames:
openSUSE Tumbleweed GA rsync