
USN-7206-1: rsync vulnerabilities

14 January 2025

Several security issues were fixed in rsync.

Releases
  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages
rsync - fast, versatile, remote (and local) file-copying tool

Details
Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
did not properly handle checksum lengths. An attacker could use this
issue to execute arbitrary code. (CVE-2024-12084)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
compared checksums with uninitialized memory. An attacker could exploit
this issue to leak sensitive information. (CVE-2024-12085)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
incorrectly handled file checksums. A malicious server could use this
to expose arbitrary client files. (CVE-2024-12086)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
mishandled symlinks for some settings. An attacker could exploit this
to write files outside the intended directory. (CVE-2024-12087)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
failed to verify symbolic link destinations for some settings. An
attacker could exploit this for path traversal attacks. (CVE-2024-12088)

Aleksei Gorban discovered a race condition in rsync’s handling of
symbolic links. An attacker could use this to access sensitive
information or escalate privileges. (CVE-2024-12747)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04
  • rsync - 3.2.7-1ubuntu1.1

Ubuntu 22.04
  • rsync - 3.2.7-0ubuntu0.22.04.3

Ubuntu 20.04
  • rsync - 3.1.3-8ubuntu0.8

Ubuntu 18.04
  • rsync - 3.1.2-2.1ubuntu1.6+esm1
    Available with Ubuntu Pro

Ubuntu 16.04
  • rsync - 3.1.1-3ubuntu1.3+esm3
    Available with Ubuntu Pro

Ubuntu 14.04
  • rsync - 3.1.0-2ubuntu0.4+esm1

In general, a standard system update will make all the necessary changes.
After a standard system update, you need to restart any configured rsync
daemons to make all the necessary changes, since a running daemon keeps
the old code in memory until it is restarted.
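As an added example (not part of the Ubuntu notice), the following POSIX shell check maps the host's Ubuntu release to the fixed rsync version listed above, compares it with the installed package using dpkg's version ordering, and flags a running rsync daemon that still needs a restart. It assumes a Debian-based host with dpkg and /etc/os-release; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of USN-7206-1: verify that the installed rsync
# package on this host is at or above the fixed version from the notice.
# Assumes dpkg and /etc/os-release are present (Ubuntu/Debian-style host).

# Map an Ubuntu VERSION_ID (as in /etc/os-release) to the fixed rsync
# version from the notice. Returns 1 for releases the notice does not cover.
fixed_rsync_version() {
    case "$1" in
        24.04) echo "3.2.7-1ubuntu1.1" ;;
        22.04) echo "3.2.7-0ubuntu0.22.04.3" ;;
        20.04) echo "3.1.3-8ubuntu0.8" ;;
        18.04) echo "3.1.2-2.1ubuntu1.6+esm1" ;;
        16.04) echo "3.1.1-3ubuntu1.3+esm3" ;;
        14.04) echo "3.1.0-2ubuntu0.4+esm1" ;;
        *)     return 1 ;;
    esac
}

# Return 0 if $1 >= $2 under Debian version ordering. dpkg understands the
# "+esm1" and "ubuntu0.22.04.3" suffixes, which a plain string sort does not.
version_ge() {
    dpkg --compare-versions "$1" ge "$2"
}

# Check the running host. Prints PATCHED, VULNERABLE or UNKNOWN and returns
# 0, 1 or 2 respectively so it can be used from cron or a config-management run.
check_rsync_usn_7206_1() {
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID")
    fixed=$(fixed_rsync_version "$release") \
        || { echo "UNKNOWN: release '$release' not covered by USN-7206-1"; return 2; }
    installed=$(dpkg-query -W -f='${Version}' rsync 2>/dev/null) \
        || { echo "UNKNOWN: rsync package not installed"; return 2; }
    if version_ge "$installed" "$fixed"; then
        echo "PATCHED: rsync $installed >= $fixed"
        # The fixed package only helps once any daemon has been restarted.
        if pgrep -f 'rsync --daemon' >/dev/null 2>&1; then
            echo "NOTE: an rsync daemon is running; restart it to load the fixed binary"
        fi
        return 0
    fi
    echo "VULNERABLE: rsync $installed < $fixed"
    return 1
}
```

Run `check_rsync_usn_7206_1` after sourcing the file; a non-zero exit means the host still needs attention.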
