USN-7206-1: rsync vulnerabilities

Read Time:52 Second

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
did not properly handle checksum lengths. An attacker could use this
issue to execute arbitrary code. (CVE-2024-12084)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
compared checksums with uninitialized memory. An attacker could exploit
this issue to leak sensitive information. (CVE-2024-12085)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
incorrectly handled file checksums. A malicious server could use this
to expose arbitrary client files. (CVE-2024-12086)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
mishandled symlinks for some settings. An attacker could exploit this
to write files outside the intended directory. (CVE-2024-12087)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync
failed to verify symbolic link destinations for some settings. An
attacker could exploit this for path traversal attacks. (CVE-2024-12088)

Aleksei Gorban discovered a race condition in rsync’s handling of
symbolic links. An attacker could use this to access sensitive
information or escalate privileges. (CVE-2024-12747)

Microsoft: Happy 2025. Here’s 161 Security Updates

Upcoming Speaking Engagements

New AI Rule Aims to Prevent Misuse of US Technology

Browser-Based Cyber-Threats Surge as Email Malware Declines

Manchester Law Firm Leads 15,000 to Sue Google and Microsoft over AI Data

The First Password on the Internet

UK Considers Ban on Ransomware Payments by Public Bodies

Remediation Times Drop Sharply as Cyber Hygiene Take Up Surges

UK Registry Nominet Breached Via Ivanti Zero-Day

USN-7206-1: rsync vulnerabilities

git-lfs-3.6.1-1.fc41

git-lfs-3.6.1-1.fc40

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

webkit2gtk4.0-2.46.5-1.fc41

webkit2gtk4.0-2.46.5-1.fc40

rsync-3.4.0-1.fc41