CVE-2017-17433 Ubuntu Security Notification for Rsync Vulnerabilities (USN-3506-1)

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename.

It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames.

An attacker could use this to bypass access restrictions. (CVE-2017-17433)

An attacker could use this to bypass access restrictions. (CVE-2017-17434)

Refer to Ubuntu advisory USN-3506-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3506-1: 16.04 (Xenial) on src (rsync)

USN-3506-1: 17.10 (artful) on src (rsync)

USN-3506-1: 17.04 (zesty) on src (rsync)

USN-3506-1: 14.04 (Kylin) on src (rsync)