Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 24.10 USN-7206-3: critical rsync issues resolved

ubuntu
Calendar Grey January 28, 2025
Dist Ubuntu Esm H88
Debian Security Advisory DSA-5055-1 resolves significant wget vulnerabilities to improve safety and safeguard web downloads.
Several security issues were fixed in rsync.

Summary

Several security issues were fixed in rsync.

Software Description:

- rsync: fast, versatile, remote (and local) file-copying tool

Details:

USN-7206-1 fixed vulnerabilities in Ubuntu 14.04 LTS to Ubuntu 24.04 LTS.

This update provides the corresponding updates for Ubuntu 24.10.

Original advisory details:

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync

did not properly handle checksum lengths. An attacker could use this

issue to execute arbitrary code. (CVE-2024-12084)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync

compared checksums with uninitialized memory. An attacker could exploit

this issue to leak sensitive information. (CVE-2024-12085)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync

incorrectly handled file checksums. A malicious server could use this

to expose arbitrary client files. (CVE-2024-12086)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync

...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   rsync                           3.3.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.
After a standard system update you need to restart rsync daemons if
configured to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7206-3

https://ubuntu.com/security/notices/USN-7206-2

https://ubuntu.com/security/notices/USN-7206-1

CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087,

CVE-2024-12088, CVE-2024-12747

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7206-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here