rsync (3.1.0-2ubuntu0.4+esm1) trusty-security; urgency=medium
  * SECURITY UPDATE: safe links bypass vulnerability
    - d/p/z-CVE-2024-12088-0001-make-safe-links-stricter.diff: reject
      links where a "../" component is included in the destination
    - CVE-2024-12088
  * SECURITY UPDATE: arbitrary file write via symbolic links
    - d/p/z-CVE-2024-12087-0001-Refuse-a-duplicate-dirlist.diff: refuse
      malicious duplicate flist for dir
    - d/p/z-CVE-2024-12087-0002-range-check-dir_ndx-before-use.diff: refuse
      invalid dir_ndx
    - CVE-2024-12087
  * SECURITY UPDATE: arbitrary client file leak
    - d/p/z-CVE-2024-12086-0001-refuse-fuzzy-options-when-fuzzy-not-selected.diff:
      refuse fuzzy options when not selected
    - d/p/z-CVE-2024-12086-0002-added-secure_relative_open.diff: safe
      implementation to open a file relative to a base directory
    - d/p/z-CVE-2024-12086-0003-receiver-use-secure_relative_open-for-basis-file.diff:
      ensure secure file access for basis file
    - d/p/z-CVE-2024-12086-0004-disallow-.-elements-in-relpath-for-secure_relative_o.diff:
      disallow "../" in relative path
    - CVE-2024-12086
  * SECURITY UPDATE: information leak via uninitialized stack contents
    - d/p/z-CVE-2024-12085-0001-prevent-information-leak-off-the-stack.diff:
      prevent information leak by zeroing
    - CVE-2024-12085
  * SECURITY UPDATE: symlink race condition
    - d/p/z-CVE-2024-12747-0001-fixed-symlink-race-condition-in-sender.diff:
      do_open_checklinks to prevent symlink race
    - CVE-2024-12747
Date: 2025-01-14 16:26:12.664547+00:00
Changed-By: Sudhakar Verma <[email protected]>
https://launchpad.net/ubuntu/+source/rsync/3.1.0-2ubuntu0.4+esm1
--
Trusty-changes mailing list