Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.



rsync security vulnerability fix on AIX toolbox

  • 1.  rsync security vulnerability fix on AIX toolbox

    Posted Wed April 11, 2018 11:00 AM

    Originally posted by: sanket


     

     

    rsync-3.1.3-1.aix6.1.ppc.rpm is now available on AIX toolbox.

     

    This version of rsync has fixes for the following security vulnerabilities.

    CVE-2017-17434
    CVE-2017-17433
    CVE-2017-16548
    CVE-2018-5764

     

    You can also use YUM to update to these versions of rsync from the AIX toolbox repository.

    Thanks

     


    #AIX-Open-Source-Software
    #AIXOpenSource


  • 2.  Re: rsync security vulnerability fix on AIX toolbox

    Posted Tue April 17, 2018 06:03 AM

    Originally posted by: ejk


    Previous version started in daemon mode

    # oslevel -s
    7200-02-02-1810

    # rpm -q rsync
    rsync-3.1.2-2.ppc

     

    Entry from the log file

    2018/04/17 12:50:15 [7012724] rsyncd version 3.1.2 starting, listening on port 873

     

    The 3.1.3 version does not start in daemon mode

    # rpm -q rsync
    rsync-3.1.3-1.ppc

    # /usr/bin/rsync --daemon

     

    Each startup adds the same four lines (excluding timestamp and PID) to the log file:



    2018/04/17 12:52:33 [6685068] rsyncd version 3.1.3 starting, listening on port 873
    2018/04/17 12:52:33 [6685068] bind() failed: Invalid argument (address-family 2)
    2018/04/17 12:52:33 [6685068] unable to bind any inbound sockets on port 873
    2018/04/17 12:52:33 [6685068] rsync error: error in socket IO (code 10) at socket.c(555) [Receiver=3.1.3]

     

    I've tried various combinations of "-4", "--ipv4", "-6", "--ipv6", "--verbose" and "--no-detach" arguments; none have resulted in rsync running in daemon mode.

    I've attached output from "truss -a -d -D -e -f -l -mall -m!fltpage -s all -t all -X rsync --daemon" to this post.

     

     

     



    Attachment(s)

    truss.2018-04-17.log   14 KB 1 version
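
A post-update check for the failure reported in the post above, as an added example that is not part of the original thread: it reads an rsyncd log and reports whether the most recent start actually bound its socket, since the "starting, listening on port 873" banner is logged even when bind() then fails. The function name `rsyncd_last_start`, its output format and its exit codes are assumptions; the sample lines are the log entries quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the most recent
# rsyncd start in a log succeeded or died at bind().

# Sample input: the log lines quoted in the post above.
sample_log() {
cat <<'EOF'
2018/04/17 12:50:15 [7012724] rsyncd version 3.1.2 starting, listening on port 873
2018/04/17 12:52:33 [6685068] rsyncd version 3.1.3 starting, listening on port 873
2018/04/17 12:52:33 [6685068] bind() failed: Invalid argument (address-family 2)
2018/04/17 12:52:33 [6685068] unable to bind any inbound sockets on port 873
2018/04/17 12:52:33 [6685068] rsync error: error in socket IO (code 10) at socket.c(555) [Receiver=3.1.3]
EOF
}

# Usage: rsyncd_last_start /path/to/rsyncd.log   (or pipe the log on stdin)
# Prints "ok VER DATE TIME", "failed VER DATE TIME REASON" or "none".
# Exit status: 0 = bound, 1 = start failed, 2 = no start banner found.
rsyncd_last_start() {
    awk '
        # A start banner opens a new attempt: remember its PID and version.
        $4 == "rsyncd" && $5 == "version" && $7 == "starting," {
            pid = $3; ver = $6; stamp = $1 " " $2; failed = 0; why = ""
            next
        }
        # Error lines count only when logged by the PID of the last banner.
        pid != "" && $3 == pid && /bind\(\) failed|unable to bind|rsync error:/ {
            failed = 1
            if (why == "") {            # keep the first error as the reason
                why = $0
                sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", why)   # drop date, time, [pid]
            }
        }
        END {
            if (pid == "") { print "none"; exit 2 }
            if (failed)    { print "failed " ver " " stamp " " why; exit 1 }
            print "ok " ver " " stamp
        }
    ' "$@"
}

# Demo on the sample; "|| true" keeps the expected failure from aborting.
sample_log | rsyncd_last_start || true
```

Run after a package update, a non-zero exit status flags a daemon that did not come up, before anyone rolls back to a build without the CVE fixes.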


  • 3.  Re: rsync security vulnerability fix on AIX toolbox

    Posted Fri April 20, 2018 07:30 AM

    Originally posted by: sanket


    We will look into this issue.




  • 4.  Re: rsync security vulnerability fix on AIX toolbox

    Posted Wed July 11, 2018 03:18 PM

    Originally posted by: Montani.SL


    Anyone ever solve this? Just hit me after an update.

    UPDATE: Downgrading to previous version worked.




  • 5.  Re: rsync security vulnerability fix on AIX toolbox

    Posted Fri July 13, 2018 05:46 AM

    Originally posted by: sanket


     

    Yes, the issue is resolved.

    We missed uploading the fixed version; we will do that in a day or two.

    Thanks for reporting and reminding us about the issue.




  • 6.  Re: rsync security vulnerability fix on AIX toolbox

    Posted Wed July 18, 2018 02:39 PM

    Originally posted by: sanket


     

    We have uploaded the fixed version of rsync at the following location.

    Please use yum to update or download and install.

    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/rsync/rsync-3.1.3-2.aix6.1.ppc.rpm

     

    Thanks

     

