Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

SUSE: 2025:0118-2 important: rsync buffer overflow and file overwrite

suse
Calendar Grey January 15, 2025
Dist Suse Esm H88
SUSE reveals significant rsync upgrade addressing severe security flaws in various offerings. Apply suggested update.
* bsc#1234100 * bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104

Summary

## This update for rsync fixes the following issues: NOTE: this update is broken and was retracted. New update will be published as followup update. * CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100) * CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) * CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) * CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) * CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1234100

* bsc#1234101

* bsc#1234102

* bsc#1234103

* bsc#1234104

Cross-

* CVE-2024-12084

* CVE-2024-12085

* CVE-2024-12086

* CVE-2024-12087

* CVE-2024-12088

CVSS scores:

* CVE-2024-12084 ( SUSE ): 9.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-12084 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-12085 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-12086 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0118-2
Release Date: 2025-01-15T14:40:31Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here