rsync 3.2.7-1ubuntu1.1 source package in Ubuntu

Changelog

rsync (3.2.7-1ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: safe links bypass vulnerability
    - d/p/CVE-2024-12088/0001-make-safe-links-stricter.patch: reject
      links where a "../" component is included in the destination
    - CVE-2024-12088
  * SECURITY UPDATE: arbitrary file write via symbolic links
    - d/p/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch: refuse
      malicious duplicate flist for dir
    - d/p/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch: refuse
      invalid dir_ndx
    - CVE-2024-12087
  * SECURITY UPDATE: arbitrary client file leak
    - d/p/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch:
      refuse fuzzy options when not selected
    - d/p/CVE-2024-12086/0002-added-secure_relative_open.patch: safe
      implementation to open a file relative to a base directory
    - d/p/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch:
      ensure secure file access for basis file
    - d/p/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch:
      disallow "../" in relative path
    - CVE-2024-12086
  * SECURITY UPDATE: information leak via uninitialized stack contents
    - d/p/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch:
      prevent information leak by zeroing
    - CVE-2024-12085
  * SECURITY UPDATE: heap buffer overflow in checksum parsing
    - d/p/CVE-2024-12084/0001-Some-checksum-buffer-fixes.patch: fix
      checksum buffer issues, better length check
    - d/p/CVE-2024-12084/0002-Another-cast-when-multiplying-integers.patch:
      fix multiplying size by a better cast
    - CVE-2024-12084
  * SECURITY UPDATE: symlink race condition
    - d/p/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch:
      do_open_checklinks to prevent symlink race
    - CVE-2024-12747

 -- Sudhakar Verma <email address hidden>  Mon, 13 Jan 2025 16:36:53 +0530

Upload details

Uploaded by: Sudhakar Verma
Uploaded to: Noble
Original maintainer: Ubuntu Developers
Architectures: any
Section: net
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
rsync_3.2.7.orig.tar.gz 1.1 MiB 4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb
rsync_3.2.7.orig.tar.gz.asc 195 bytes 8e054b8e852f371fbcb757de51f1a07de5621ae959ea766d3c3e5439d7b5f4ae
rsync_3.2.7-1ubuntu1.1.debian.tar.xz 35.0 KiB 9265945f834a4afdfc18cbb21df9adc349ef683b204806ca5356cb7d20cdb422
rsync_3.2.7-1ubuntu1.1.dsc 2.4 KiB d038d0cc11ba83a0bc1be64da7422971bd594782a1d9663dd6da2dc3f29cfb08

Binary packages built by this source

rsync: fast, versatile, remote (and local) file-copying tool

 rsync is a fast and versatile file-copying tool which can copy locally
 and to/from a remote host. It offers many options to control its behavior,
 and its remote-update protocol can minimize network traffic to make
 transferring updates between machines fast and efficient.
 .
 It is widely used for backups and mirroring and as an improved copy
 command for everyday use.
 .
 This package provides both the rsync command line tool and optional
 daemon functionality.

rsync-dbgsym: debug symbols for rsync