Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

SUSE: 2025:0118-1 important: rsync heap overflow and file sync issues

suse
Calendar Grey January 15, 2025
Dist Suse Esm H88
SUSE has released a vital advisory regarding Rsync, addressing several urgent vulnerabilities. Take action now to enhance the security of your systems promptly.
* bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104

Summary

## This update for rsync fixes the following issues: * CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100) * CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) * CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) * CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) * CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6

Topics%20covered

Topics Covered

security advisory buffer overflow file overwrite rsync SUSE stack leak

References

* bsc#1234100

* bsc#1234101

* bsc#1234102

* bsc#1234103

* bsc#1234104

Cross-

* CVE-2024-12084

* CVE-2024-12085

* CVE-2024-12086

* CVE-2024-12087

* CVE-2024-12088

CVSS scores:

* CVE-2024-12084 ( SUSE ): 9.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-12084 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-12085 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-12086 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0118-1
Release Date: 2025-01-15T09:08:02Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow file overwrite rsync SUSE stack leak

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here