diff --git a/patchinfo.20250123125028861178.269002615871826/_patchinfo b/patchinfo.20250123125028861178.269002615871826/_patchinfo new file mode 100644 index 0000000..5089738 --- /dev/null +++ b/patchinfo.20250123125028861178.269002615871826/_patchinfo @@ -0,0 +1,36 @@ + + + VUL-0: CVE-2024-12084: rsync: Heap Buffer Overflow in Checksum Parsing + VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR + VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files + VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links + VUL-0: CVE-2024-12088: rsync: --safe-links bypass + VUL-0: CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links + + + + + + + ayankov + critical + security + Security update for rsync + This update for rsync fixes the following issues: + +- Bump protocol version to 32 - make it easier to show server is patched. + +- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED + +- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links + +- Security update, fix multiple vulnerabilities: + * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing + * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR + * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files + * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links + * CVE-2024-12088, bsc#1234104 - --safe-links Bypass + + rsync + +
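Review bot: the user-facing description has two text defects worth fixing before release: "collission" in the `Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED` entry should read "collision", and `Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links` lacks the space after the first comma and the " - " separator that the other five CVE entries use. I would move CVE-2024-12747 into the bulleted list under "fix multiple vulnerabilities" so all six issues named at the top of the file appear in one place with the same `CVE, bsc# - title` layout. The "Bump protocol version to 32" entry says only that it makes a patched server easier to identify; if the bump has any effect on clients talking to peers on an older protocol version, a sentence saying so would help administrators reading the notice.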