Advisory: CLSA-2025:1738632046
OS: Ubuntu 16.04 ELS
Public date: 2025-02-03 20:20:48
Project: rsync
Version: 3.1.1-3ubuntu1.3+tuxcare.els7
Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2025-1738632046.html
* SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12086.patch: fix info leak when connecting to malicious server - CVE-2024-12086 * SECURITY UPDATE: arbitraty file write via inproper symlink verification - debian/patches/CVE-2024-12087.patch: fix writing malicious files to arbitrary locations when using '--inc-recursive' option - CVE-2024-12087 * SECURITY UPDATE: arbitraty file write when using '--safe-links' option - debian/patches/CVE-2024-12088.patch: properly verify if a symbolic link destination contains another symbolic link within it when using the '--safe-links' option - CVE-2024-12088
Update command: apt-get update apt-get --only-upgrade install rsync*
rsync_3.1.1-3ubuntu1.3+tuxcare.els7_amd64.deb