MGASA-2020-0108

Advisory lineage Upstream: 4 Downstream: 0
Published: 29 Feb 2020, 13:42
Last modified:16 Apr 2026, 04:26

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

29 Feb 2020, 13:42
Published
Vulnerability first disclosed
16 Apr 2026, 04:26
Last Modified
Vulnerability information updated

Description

Updated rsync packages fix security vulnerabilities Updated rsync packages fix security vulnerabilities: It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9840, CVE-2016-9841) It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9842). It was discovered that rsync incorrectly handled vectors involving big- endian CRC calculation in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2016-9843). Please note, we now compile against system zlib. If rsync fails to sync with older remote systems using compression (-z), you have either update the remote host to a newer version or disable compression.

Affected Systems

  • mageiarsync

    < 3.1.3-4.mga7

References (2)