[CLSA-2025:1738632046] Fix CVE(s): CVE-2024-12086, CVE-2024-12087, CVE-2024-12088

Type:

security

Severity:

Moderate

Release date:

2025-02-04 01:20:52 UTC

Description:

   * SECURITY UPDATE: possible information leak via checksum comparison
     - debian/patches/CVE-2024-12086.patch: fix info leak when connecting
       to malicious server
     - CVE-2024-12086
   * SECURITY UPDATE: arbitraty file write via inproper symlink verification
     - debian/patches/CVE-2024-12087.patch: fix writing malicious files
       to arbitrary locations when using '--inc-recursive' option
     - CVE-2024-12087
   * SECURITY UPDATE: arbitraty file write when using '--safe-links' option
     - debian/patches/CVE-2024-12088.patch: properly verify if a symbolic
       link destination contains another symbolic link within it when using
       the '--safe-links' option
     - CVE-2024-12088

Updated packages:

rsync_3.1.1-3ubuntu1.3+tuxcare.els7_amd64.deb
sha:37747a033659e133a650092bbfe87fd62377d2a3

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.