
Ubuntu 24.04 LTS: USN-7206-1 critical: rsync multiple exploit fixes

January 14, 2025
Security issues in rsync for Ubuntu have been fixed across versions, addressing critical exploits including code execution risks.

Summary

Several security issues were fixed in rsync.

Software Description:

- rsync: fast, versatile, remote (and local) file-copying tool

Details:

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
did not properly handle checksum lengths. An attacker could use this
issue to execute arbitrary code. (CVE-2024-12084)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
compared checksums with uninitialized memory. An attacker could exploit
this issue to leak sensitive information. (CVE-2024-12085)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
incorrectly handled file checksums. A malicious server could use this
to expose arbitrary client files. (CVE-2024-12086)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
mishandled symlinks for some settings. An attacker could exploit this
to write files outside the intended directory. (CVE-2024-12087)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman di...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  rsync                           3.2.7-1ubuntu1.1

Ubuntu 22.04 LTS
  rsync                           3.2.7-0ubuntu0.22.04.3

Ubuntu 20.04 LTS
  rsync                           3.1.3-8ubuntu0.8

Ubuntu 18.04 LTS
  rsync                           3.1.2-2.1ubuntu1.6+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  rsync                           3.1.1-3ubuntu1.3+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  rsync                           3.1.0-2ubuntu0.4+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
After a standard system update you need to restart any configured rsync
daemons to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7206-1

CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087,
CVE-2024-12088, CVE-2024-12747

Severity
critical

Ubuntu Security Notice USN-7206-1
