Release Info

Advisory: CLSA-2025:1738632106

OS: CentOS Stream 8 ELS

Public date: 2025-02-03 20:21:48

Project: rsync

Version: 3.1.3-19.el8.1.tuxcare.els4

Errata link: https://errata.tuxcare.com/centos8stream-els/CLSA-2025-1738632106.html

Changelog

- CVE-2024-12086: fix infoleak when connect to malicious server - CVE-2024-12088: properly verify if a symbolic link destination contains another symbolic link within it when using the '--safe-links' option

Update

Update command: dnf update rsync*

Packages list

rsync-3.1.3-19.el8.1.tuxcare.els4.x86_64.rpm rsync-daemon-3.1.3-19.el8.1.tuxcare.els4.noarch.rpm

CVEs

CVE-2024-12086
CVE-2024-12088
CVE-2024-12087