--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3ec637e6e9
2025-01-21 03:13:12.983923+00:00
--------------------------------------------------------------------------------

Name        : rsync
Product     : Fedora 41
Version     : 3.4.1
Release     : 1.fc41
URL         : https://rsync.samba.org/
Summary     : A program for synchronizing files over a network
Description :
Rsync uses a reliable algorithm to bring remote and host files into
sync very quickly. Rsync is fast because it just sends the differences
in the files over the network instead of sending the complete
files. Rsync is often used as a very powerful mirroring process or
just as a more capable replacement for the rcp command. A technical
report which describes the rsync algorithm is included in this
package.

--------------------------------------------------------------------------------
Update Information:

New version 3.4.1, a couple of fixes for the 3.4.0 release.
New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085,
CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Michal Ruprich  - 3.4.1-1
- New version 3.4.1 - a couple of minor fixes for 3.4.0
* Tue Jan 14 2025 Michal Ruprich  - 3.4.0-1
- New version 3.4.0
- Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086
- Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2337963 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337963
  [ 2 ] Bug #2337969 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337969
  [ 3 ] Bug #2337974 - [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337974
  [ 4 ] Bug #2337979 - [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337979
  [ 5 ] Bug #2337984 - [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337984
  [ 6 ] Bug #2337990 - [Minor Incident] CVE-2024-12747 rsync: Race Condition in rsync Handling Symbolic Links [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2337990
  [ 7 ] Bug #2338024 - rsync-3.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338024
  [ 8 ] Bug #2338383 - rsync-3.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2338383
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3ec637e6e9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 41: rsync 2025-3ec637e6e9 Security Advisory Updates

January 21, 2025
New version 3.4.1, a couple of fixes for the 3.4.0 release

Summary

Rsync uses a reliable algorithm to bring remote and host files into

sync very quickly. Rsync is fast because it just sends the differences

in the files over the network instead of sending the complete

files. Rsync is often used as a very powerful mirroring process or

just as a more capable replacement for the rcp command. A technical

report which describes the rsync algorithm is included in this

package.

Update Information:

New version 3.4.1, a couple of fixes for the 3.4.0 release. New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

Change Log

* Thu Jan 16 2025 Michal Ruprich - 3.4.1-1 - New version 3.4.1 - a couple of minor fixes for 3.4.0 * Tue Jan 14 2025 Michal Ruprich - 3.4.0-1 - New version 3.4.0 - Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086 - Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

References

[ 1 ] Bug #2337963 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337963 [ 2 ] Bug #2337969 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337969 [ 3 ] Bug #2337974 - [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337974 [ 4 ] Bug #2337979 - [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337979 [ 5 ] Bug #2337984 - [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337984 [ 6 ] Bug #2337990 - [Minor Incident] CVE-2024-12747 rsync: Race Condi...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3ec637e6e9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : rsync
Product : Fedora 41
Version : 3.4.1
Release : 1.fc41
URL : https://rsync.samba.org/
Summary : A program for synchronizing files over a network

Related News

Linux 6.11 EOL: Upgrade to 6.12 for Security and Performance Benefits
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Census III Report: Key Strategies for Linux Security Enhancement
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
Qt 6.8.1: Essential Fixes for Wayland and Security Issues
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Arch Linux 2024.12.01: Improved Hardware Support and Security Features
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Linux Kernel 6.13: Security Updates Enhance System Resilience
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Protect Linux Systems from Bootkitty: UEFI Bootkit Defense Strategies
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved