Updated rsync packages fix security vulnerabilities
Publication date: 22 Jan 2025
Modification date: 22 Jan 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
Description
- Heap buffer overflow in rsync due to improper checksum length handling. (CVE-2024-12084)
- Info leak via uninitialized stack contents. (CVE-2024-12085)
- Rsync server leaks arbitrary client files. (CVE-2024-12086)
- Path traversal vulnerability in rsync. (CVE-2024-12087)
- Rsync --safe-links option bypass leads to path traversal. (CVE-2024-12088)
- Race condition in rsync handling symbolic links. (CVE-2024-12747)
References
- https://bugs.mageia.org/show_bug.cgi?id=33920
- https://www.openwall.com/lists/oss-security/2025/01/14/3
- https://lists.debian.org/debian-security-announce/2025/msg00004.html
- https://ubuntu.com/security/notices/USN-7206-1
- https://ubuntu.com/security/notices/USN-7206-2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12084
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747
SRPMS
9/core
- rsync-3.2.7-1.2.mga9