From c1c8bcccac408be6acd73b63851ab971c30b428c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Tue, 4 Feb 2025 09:54:22 +0100 Subject: [PATCH] Adding patchinfo patchinfo.20250123145545485403.154186277494808 --- .../_patchinfo | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 patchinfo.20250123145545485403.154186277494808/_patchinfo diff --git a/patchinfo.20250123145545485403.154186277494808/_patchinfo b/patchinfo.20250123145545485403.154186277494808/_patchinfo new file mode 100644 index 0000000..dc0cd90 --- /dev/null +++ b/patchinfo.20250123145545485403.154186277494808/_patchinfo @@ -0,0 +1,30 @@ + + + VUL-0: CVE-2024-12084: rsync: Heap Buffer Overflow in Checksum Parsing + VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR + VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files + VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links + VUL-0: CVE-2024-12088: rsync: --safe-links bypass + VUL-0: CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links + + + + + + + ayankov + critical + security + Security update for rsync + This update for rsync fixes the following issues: + +- CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). +- CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). +- CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). +- CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). +- CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). +- CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). + + rsync + +
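Review bot: The description entries in the added _patchinfo repeat the issue titles almost word for word, so a reader of the advisory cannot tell which of the six fixes justifies the "critical" rating or, for most entries, whether the issue affects the rsync client, the server, or both. Only the CVE-2024-12086 and CVE-2024-12087 lines name a side ("server leaking arbitrary client files", "make client write files outside of destination directory"); the lines for CVE-2024-12084, CVE-2024-12085, CVE-2024-12088 and CVE-2024-12747 should get a short clause stating the affected role so administrators can prioritise which hosts to patch first. The CVE-2024-12087 line is also hard to parse as written ("Fixed server use of symbolic links to make client write files ..."); wording closer to the issue title, such as "Fixed server being able to make the client write files outside of the destination directory using symbolic links", would read more clearly. The commit subject only repeats the generated patchinfo directory name; mentioning rsync and the bsc references there would make the change findable from the log.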