Release Info

Advisory: CLSA-2025:1738632046

OS: Ubuntu 16.04 ELS

Public date: 2025-02-03 20:20:48

Project: rsync

Version: 3.1.1-3ubuntu1.3+tuxcare.els7

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2025-1738632046.html

Changelog

* SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12086.patch: fix info leak when connecting to malicious server - CVE-2024-12086 * SECURITY UPDATE: arbitraty file write via inproper symlink verification - debian/patches/CVE-2024-12087.patch: fix writing malicious files to arbitrary locations when using '--inc-recursive' option - CVE-2024-12087 * SECURITY UPDATE: arbitraty file write when using '--safe-links' option - debian/patches/CVE-2024-12088.patch: properly verify if a symbolic link destination contains another symbolic link within it when using the '--safe-links' option - CVE-2024-12088

Update

Update command: apt-get update apt-get --only-upgrade install rsync*

Packages list

rsync_3.1.1-3ubuntu1.3+tuxcare.els7_amd64.deb

CVEs

CVE-2024-12088
CVE-2024-12087
CVE-2024-12086