rsync-3.1.3-21.el8_10

エラータID: AXSA:2025-9746:06

Release date: 
Thursday, March 13, 2025 - 21:31
Subject: 
rsync-3.1.3-21.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

* rsync: Path traversal vulnerability in rsync (CVE-2024-12087)
* rsync: --safe-links option bypass leads to path traversal (CVE-2024-12088)
* rsync: Race Condition in rsync Handling Symbolic Links (CVE-2024-12747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.

Solution: 

Update packages.

CVEs: 
CVE-2024-12087
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
CVE-2024-12088
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
CVE-2024-12747
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
Additional Info: 

N/A

Download: 

SRPMS
  1. rsync-3.1.3-21.el8_10.src.rpm
    MD5: 5320613df9204f372112785ee5aee511
    SHA-256: 9f69828d6e48f249b14c7b9eee6b4b27ac2bd57c44213cbd6e765703806cdc84
    Size: 1.10 MB

Asianux Server 8 for x86_64
  1. rsync-3.1.3-21.el8_10.x86_64.rpm
    MD5: 19517d9abe7bc25550894a80ff06f66e
    SHA-256: c24d10abbd9f905748da08c3fe954293ea75e2a314274c47d7a34677af1b75ef
    Size: 409.91 kB
  2. rsync-daemon-3.1.3-21.el8_10.noarch.rpm
    MD5: c9a69d0a519cd62c144a2235da967697
    SHA-256: aa70ebbdf7606969955457d85bf03fd3ff9230df9db711d0ef4b9c23faedb1b1
    Size: 43.66 kB