Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Debian DSA-5843-1: rsync security updates address multiple threats

debian
Calendar Grey January 14, 2025
Debian Logo
Debian Security Notice DSA-5844-3 outlines various vulnerabilities in curl impacting data transfer protocols.
Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool

Summary

CVE-2024-12084

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a
heap-based buffer overflow vulnerability due to improper handling of
attacker-controlled checksum lengths. A remote attacker can take
advantage of this flaw for code execution.

CVE-2024-12085

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a flaw in
the way rsync compares file checksums, allowing a remote attacker to
trigger an information leak.

CVE-2024-12086

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a flaw
which would result in a server leaking contents of an arbitrary file
from the client's machine.

CVE-2024-12087

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a path
traversal vulnerability in the rsync daemon affecting the
--inc-recursive option, which could allow a server to write files
outside of the client's intended destination directory.

CVE-2024-12088

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported that ...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: rsync
CVE ID: CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here