Sicherheit: Mehrere Probleme in rsync

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2025-3ec637e6e9
2025-01-21 03:13:12.983923+00:00
-------------------------------------------------------------------------------
-

Name : rsync
Product : Fedora 41
Version : 3.4.1
Release : 1.fc41
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

-------------------------------------------------------------------------------
-
Update Information:

New version 3.4.1, a couple of fixes for the 3.4.0 release.
New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085,
CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Jan 16 2025 Michal Ruprich <mruprich@redhat.com> - 3.4.1-1
- New version 3.4.1 - a couple of minor fixes for 3.4.0
* Tue Jan 14 2025 Michal Ruprich <mruprich@redhat.com> - 3.4.0-1
- New version 3.4.0
- Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086
- Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #2337963 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer
Overflow in Rsync due to Improper Checksum Length Handling [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337963
[ 2 ] Bug #2337969 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via
Uninitialized Stack Contents [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337969
[ 3 ] Bug #2337974 - [Minor Incident] CVE-2024-12086 rsync: rsync server
leaks arbitrary client files [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337974
[ 4 ] Bug #2337979 - [Minor Incident] CVE-2024-12087 rsync: Path traversal
vulnerability in rsync [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337979
[ 5 ] Bug #2337984 - [Minor Incident] CVE-2024-12088 rsync: --safe-links
option bypass leads to path traversal [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337984
[ 6 ] Bug #2337990 - [Minor Incident] CVE-2024-12747 rsync: Race Condition in
rsync Handling Symbolic Links [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2337990
[ 7 ] Bug #2338024 - rsync-3.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2338024
[ 8 ] Bug #2338383 - rsync-3.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2338383
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3ec637e6e9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-

--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue