rsync-3.1.3-20.el8_10

エラータID: AXSA:2025-9543:02

Release date: 
Thursday, January 16, 2025 - 11:00
Subject: 
rsync-3.1.3-20.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

* rsync: Info Leak via Uninitialized Stack Contents (CVE-2024-12085)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-12085
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Solution: 

Update packages.

CVEs: 
CVE-2024-12085
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Additional Info: 

N/A

Download: 

SRPMS
  1. rsync-3.1.3-20.el8_10.src.rpm
    MD5: b331ef32d6064e200f60b5df99a2e705
    SHA-256: 4602d001ef1d8f724a8ca57fcc9fd824122d258d0c873fabc97482df444e644a
    Size: 1.09 MB

Asianux Server 8 for x86_64
  1. rsync-3.1.3-20.el8_10.x86_64.rpm
    MD5: fdffa5a752c68a51249723d8c055dd97
    SHA-256: b88c03cf556e29acef1ad17eb275bc34dd844499f4e6c6b5bc5294ac5407be71
    Size: 409.31 kB
  2. rsync-daemon-3.1.3-20.el8_10.noarch.rpm
    MD5: 46a13bd42b4fc79422d480d95dab9325
    SHA-256: 76aa5cd077608d33752539e97276b7776211b80c003a47e246c3772e8149eacc
    Size: 43.34 kB