[ubuntu/trusty-updates] rsync 3.1.0-2ubuntu0.4+esm1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Jan 14 22:28:27 UTC 2025
rsync (3.1.0-2ubuntu0.4+esm1) trusty-security; urgency=medium
* SECURITY UPDATE: safe links bypass vulnerability
- d/p/z-CVE-2024-12088-0001-make-safe-links-stricter.diff: reject
links where a "../" component is included in the destination
- CVE-2024-12088
* SECURITY UPDATE: arbitrary file write via symbolic links
- d/p/z-CVE-2024-12087-0001-Refuse-a-duplicate-dirlist.diff: refuse
malicious duplicate flist for dir
- d/p/z-CVE-2024-12087-0002-range-check-dir_ndx-before-use.diff: refuse
invalid dir_ndx
- CVE-2024-12087
* SECURITY UPDATE: arbitrary client file leak
- d/p/z-CVE-2024-12086-0001-refuse-fuzzy-options-when-fuzzy-not-selected.diff:
refuse fuzzy options when not selected
- d/p/z-CVE-2024-12086-0002-added-secure_relative_open.diff: safe
implementation to open a file relative to a base directory
- d/p/z-CVE-2024-12086-0003-receiver-use-secure_relative_open-for-basis-file.diff:
ensure secure file access for basis file
- d/p/z-CVE-2024-12086-0004-disallow-.-elements-in-relpath-for-secure_relative_o.diff:
disallow "../" in relative path
- CVE-2024-12086
* SECURITY UPDATE: information leak via uninitialized stack contents
- d/p/z-CVE-2024-12085-0001-prevent-information-leak-off-the-stack.diff:
prevent information leak by zeroing
- CVE-2024-12085
* SECURITY UPDATE: symlink race condition
- d/p/z-CVE-2024-12747-0001-fixed-symlink-race-condition-in-sender.diff:
do_open_checklinks to prevent symlink race
- CVE-2024-12747
Date: 2025-01-14 16:26:12.664547+00:00
Changed-By: Sudhakar Verma <sudhakar.verma at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/rsync/3.1.0-2ubuntu0.4+esm1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list