Adding patchinfo patchinfo.20250123125028861178.269002615871826
This commit is contained in:
parent
1a8e09862d
commit
1ae12ae63f
36
patchinfo.20250123125028861178.269002615871826/_patchinfo
Normal file
36
patchinfo.20250123125028861178.269002615871826/_patchinfo
Normal file
@ -0,0 +1,36 @@
|
||||
<patchinfo>
|
||||
<!-- generated from request(s) 358937 -->
|
||||
<issue tracker="bnc" id="1234100">VUL-0: CVE-2024-12084: rsync: Heap Buffer Overflow in Checksum Parsing</issue>
|
||||
<issue tracker="bnc" id="1234101">VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR</issue>
|
||||
<issue tracker="bnc" id="1234102">VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files</issue>
|
||||
<issue tracker="bnc" id="1234103">VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links</issue>
|
||||
<issue tracker="bnc" id="1234104">VUL-0: CVE-2024-12088: rsync: --safe-links bypass</issue>
|
||||
<issue tracker="bnc" id="1235475">VUL-0: CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links</issue>
|
||||
<issue tracker="cve" id="2024-12084"/>
|
||||
<issue tracker="cve" id="2024-12085"/>
|
||||
<issue tracker="cve" id="2024-12086"/>
|
||||
<issue tracker="cve" id="2024-12087"/>
|
||||
<issue tracker="cve" id="2024-12088"/>
|
||||
<issue tracker="cve" id="2024-12747"/>
|
||||
<packager>ayankov</packager>
|
||||
<rating>critical</rating>
|
||||
<category>security</category>
|
||||
<summary>Security update for rsync</summary>
|
||||
<description>This update for rsync fixes the following issues:
|
||||
|
||||
- Bump protocol version to 32 - make it easier to show server is patched.
|
||||
|
||||
- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
|
||||
|
||||
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
|
||||
|
||||
- Security update, fix multiple vulnerabilities:
|
||||
* CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing
|
||||
* CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
|
||||
* CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
|
||||
* CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
|
||||
* CVE-2024-12088, bsc#1234104 - --safe-links Bypass
|
||||
</description>
|
||||
<package>rsync</package>
|
||||
<seperate_build_arch/>
|
||||
</patchinfo>
|
||||
Loading…
x
Reference in New Issue
Block a user