Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Fedora 40: FEDORA-2025-73c1f25730 moderate: rsync path traversal

fedora
Calendar Grey January 16, 2025
Dist Fedora Esm H88
Fedora 40 rsync enhancement resolves severe vulnerabilities encompassing heap buffer overflow, directory traversal, and information exposures.
New version 3.4.0

Summary

Rsync uses a reliable algorithm to bring remote and host files into

sync very quickly. Rsync is fast because it just sends the differences

in the files over the network instead of sending the complete

files. Rsync is often used as a very powerful mirroring process or

just as a more capable replacement for the rcp command. A technical

report which describes the rsync algorithm is included in this

package.

Update Information:

New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747.

Change Log

* Tue Jan 14 2025 Michal Ruprich - 3.4.0-1 - New version 3.4.0 - Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086 - Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

References


[ 1 ] Bug #2337961 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2337961 [ 2 ] Bug #2337967 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2337967 [ 3 ] Bug #2337972 - [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2337972 [ 4 ] Bug #2337977 - [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2337977 [ 5 ] Bug #2337982 - [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2337982 [ 6 ] Bug #2337988 - [Minor Incident] CVE-2024-12747 rsync: Race Condi...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-73c1f25730' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: rsync
Product: Fedora 40
Version: 3.4.0
Release: 1.fc40
URL:
Summary: A program for synchronizing files over a network

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here