rsync-3.2.5-7.el9_8
エラータID: AXSA:2026-1207:06
リリース日:
2026/07/07 Tuesday - 17:43
題名:
rsync-3.2.5-7.el9_8
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- rsync には、リモートの攻撃者により、任意のファイルに対する巧妙
に細工されたチェックサム値の送信を介して、対象のファイルの不正な
書き換えを可能とする脆弱性が存在します。(CVE-2024-12086)
- rsync には、メモリ領域の解放後利用の問題があるため、リモート
の攻撃者により、メモリ破壊、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2026-41035)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
追加情報:
N/A
ダウンロード:
SRPMS
- rsync-3.2.5-7.el9_8.src.rpm
MD5: 9afa8b9f410f80e274a5b67b5edf04f6
SHA-256: 919544304a54bd06e2d282ebbb7b182a3c1eef1852311efe9286dca25570652b
Size: 1.25 MB
Asianux Server 9 for x86_64
- rsync-3.2.5-7.el9_8.x86_64.rpm
MD5: f74126aed7e65b00b8a20c492b1b91c7
SHA-256: 8093c0288a5a8e0b482cb11c497cfc2a23d0b1d8943ff58d6d6dc0f0df144cfd
Size: 411.12 kB - rsync-daemon-3.2.5-7.el9_8.noarch.rpm
MD5: 0cc8736d8f46844609b4b62c96479632
SHA-256: 05452c31dc43310afd0d29f6f5efa36944a0e4dc303322025eaa920ff9c3de60
Size: 9.59 kB - rsync-rrsync-3.2.5-7.el9_8.noarch.rpm
MD5: 0d2c079e04e7103ee7dd5c30bb2cf09e
SHA-256: 039b249d7463a306e8090e1a9339da7876643de767d897cf5e4bd4982a9394ae
Size: 14.75 kB