This is a known issue and has been fixed in the latest version 2.4.7. To fix the issue, update your version of RDiffWEB to 2.4.7. If the issue persists, you can downgrade your version of RDiffWEB to 2.3.15. rdiff-web --version Stable: 2.3.15 Unstable: 2.4.6
Next, follow the steps below to fix the issue and prevent repository fixation. Remove RDiffWEB from the /usr/bin directory on your Linux server. Remove RDiffWEB from the /usr/local/bin directory on your Linux server. Remove RDiffWEB from the /usr/libexec/ directory on your Linux server. Remove RDiffWEB from the /usr/share/ directory on your Linux server. Remove RDiffWEB from the /usr/local/share/ directory on your Linux server. Remove RDiffWEB from the /usr/local/lib/ directory on your Linux server. Uninstall RDiffWEB from your system using the package manager. Uninstall RDiffWEB from your system using the --no-sigint option. Uninstall RDiffWEB from your system using the --no-start option. Uninstall RDiffWEB from your system using the --no-depend option. Uninstall RDiffWEB from your system using the --no-suggest option. Uninstall
References:
[1] http://blog.diffwebrepository.com/2018/05/13/CVE-2022-3269-Differential-Diffs-Repository-Fixes/ [2] https://www.diffweb.com/download
DiffWEB 2.4.7 is released to address CVE-2022-3269
Installing RDiffWEB using the package manager
You can install RDiffWEB using the package manager on your Linux server.
To do this, run the following command:
apt-get install rdiffweb
Timeline
Published on: 09/23/2022 10:15:00 UTC
Last modified on: 09/26/2022 17:05:00 UTC