Release Info

Advisory: CLSA-2025:1737463274

OS: CentOS 8.4 ELS

Public date: 2025-01-21 07:41:17

Project: rsync

Version: 3.1.3-12.el8.tuxcare.els5

Errata link: https://errata.cloudlinux.com/centos8.4-els/CLSA-2025-1737463274.html

Changelog

- CVE-2024-12088: fix path traversal vulnerability by properly verifying symbolic link destinations - CVE-2024-12085: fix issue with checksum length manipulation leading to uninitialized memory leak

Update

Update command: dnf update rsync*

Packages list

rsync-3.1.3-12.el8.tuxcare.els5.x86_64.rpm rsync-daemon-3.1.3-12.el8.tuxcare.els5.noarch.rpm

CVEs

CVE-2024-12088
CVE-2024-12085