|Related CVE||CVE-2016-9840 CVE-2016-9841 CVE-2016-9843|
Trail of Bits used the automated vulnerability discovery tools developed for the DARPA Cyber Grand Challenge to audit zlib. As rsync, a fast, versatile, remote (and local) file-copying tool, uses an embedded copy of zlib, those issues are also present in rsync.
CVE-2016-9840 In order to avoid undefined behavior, remove offset pointer optimization, as this is not compliant with the C standard.
CVE-2016-9841 Only use post-increment to be compliant with the C standard.
CVE-2016-9843 In order to avoid undefined behavior, do not pre-decrement a pointer in big-endian CRC calculation, as this is not compliant with the C standard.
For Debian 7 Wheezy, these problems have been fixed in version 3.0.9-4+deb7u3.
We recommend that you upgrade your rsync packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/