products/SLFO
SHA256
8
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
SLFO/patchinfo.20250123125028861178.269002615871826/_patchinfo

37 lines
2.0 KiB
Plaintext
Raw Blame History

<patchinfo>
<!-- generated from request(s) 358937 -->
<issue tracker="bnc" id="1234100">VUL-0: CVE-2024-12084: rsync: Heap Buffer Overflow in Checksum Parsing</issue>
<issue tracker="bnc" id="1234101">VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR</issue>
<issue tracker="bnc" id="1234102">VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files</issue>
<issue tracker="bnc" id="1234103">VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links</issue>
<issue tracker="bnc" id="1234104">VUL-0: CVE-2024-12088: rsync: --safe-links bypass</issue>
<issue tracker="bnc" id="1235475">VUL-0: CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links</issue>
<issue tracker="cve" id="2024-12084"/>
<issue tracker="cve" id="2024-12085"/>
<issue tracker="cve" id="2024-12086"/>
<issue tracker="cve" id="2024-12087"/>
<issue tracker="cve" id="2024-12088"/>
<issue tracker="cve" id="2024-12747"/>
<packager>ayankov</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for rsync</summary>
<description>This update for rsync fixes the following issues:
- Bump protocol version to 32 - make it easier to show server is patched.
- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
- Security update, fix multiple vulnerabilities:
* CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing
* CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
* CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
* CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
* CVE-2024-12088, bsc#1234104 - --safe-links Bypass
</description>
<package>rsync</package>
<seperate_build_arch/>
</patchinfo>
Reference in New Issue View Git Blame Copy Permalink