
Fedora 41: FEDORA-2025-3ec637e6e9 critical: rsync path traversal issues

January 21, 2025
This Fedora 41 update moves rsync to version 3.4.1, which adds a couple of fixes on top of the 3.4.0 release. Version 3.4.0 contains the security fixes listed under Update Information below, so apply the update to pick them up.

Summary

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package.

Update Information:

New version 3.4.1, a couple of fixes for the 3.4.0 release. New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

Change Log

* Thu Jan 16 2025 Michal Ruprich - 3.4.1-1
- New version 3.4.1
- a couple of minor fixes for 3.4.0

* Tue Jan 14 2025 Michal Ruprich - 3.4.0-1
- New version 3.4.0
- Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086
- Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

References


[ 1 ] Bug #2337963 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2337963
[ 2 ] Bug #2337969 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2337969
[ 3 ] Bug #2337974 - [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2337974
[ 4 ] Bug #2337979 - [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2337979
[ 5 ] Bug #2337984 - [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-41]
      https://bugzilla.redhat.com/show_bug.cgi?id=2337984
[ 6 ] Bug #2337990 - [Minor Incident] CVE-2024-12747 rsync: Race Condi...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3ec637e6e9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
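A post-update check, added here as an example and not part of the Fedora advisory: it reads the `rsync --version` banner and reports whether the binary is at or past 3.4.0, the release this advisory says contains the CVE fixes. The function names and sample banners are constructed for illustration, and the check assumes the upstream version number reflects the fix level (true for this update, which ships 3.4.1).

```shell
#!/bin/sh
# Added example: classify an rsync version banner against the first fixed
# release named in this advisory (3.4.0 carries the CVE fixes).
FIXED_VERSION="3.4.0"

# Pull the version token out of the first banner line, e.g.
# "rsync  version 3.4.1  protocol version 32" -> "3.4.1"
parse_rsync_version() {
    printf '%s\n' "$1" | sed -n '1s/^rsync  *version  *\([^ ]*\).*/\1/p'
}

# Succeed when $1 >= $2 under version ordering (sort -V, GNU coreutils),
# so that 3.10.0 correctly ranks above 3.4.0.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Print PATCHED, VULNERABLE or UNKNOWN for a banner string.
classify_banner() {
    v=$(parse_rsync_version "$1")
    case "$v" in
        # Empty, or suffixed builds such as "3.4.0dev": do not guess.
        ''|*[!0-9.]*) echo UNKNOWN; return 0 ;;
    esac
    if version_ge "$v" "$FIXED_VERSION"; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Check the locally installed binary, if there is one.
if command -v rsync >/dev/null 2>&1; then
    echo "local rsync: $(classify_banner "$(rsync --version 2>/dev/null)")"
fi
```

On Fedora 41, `rpm -q rsync` gives the packaged version and release to compare against the 3.4.1 / 1.fc41 values listed on this page.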

Severity
critical

Name: rsync
Product: Fedora 41
Version: 3.4.1
Release: 1.fc41
URL: /
Summary: A program for synchronizing files over a network
