Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

SUSE: 2025:0122-2 important: rsync security updates and fixes

suse
Calendar Grey January 15, 2025
Dist Suse Esm H88
Critical vulnerability patches for rsync on SUSE systems resolve various concerns and include guidelines for deployment.
* bsc#1234101 * bsc#1234102 * bsc#1234103 * bsc#1234104

Summary

## This update for rsync fixes the following issues: NOTE: This update was retracted as one of the fixes was broken. A new update will be issued. * CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) * CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) * CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) * CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

* bsc#1234101

* bsc#1234102

* bsc#1234103

* bsc#1234104

Cross-

* CVE-2024-12085

* CVE-2024-12086

* CVE-2024-12087

* CVE-2024-12088

CVSS scores:

* CVE-2024-12085 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12085 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2024-12085 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-12086 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12086 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2024-12086 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

* CVE-2024-12087 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0122-2
Release Date: 2025-01-15T14:55:54Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here