A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Dmitry “InfoSecDJ” Janushkevich of Trend Micro Zero Day Initiative’ was reported to the affected vendor on: 2025-01-14, 0 days ago. The vendor is given until 2025-05-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.
Several vulnerabilities were discovered in rsync, a fast, versatile,
remote (and local) file-copying tool.
CVE-2024-12084
Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a
heap-based buffer overflow vulnerability due to improper handling of
attacker-controlled checksum lengths. A remote attacker can take
advantage of this flaw for code execution.
CVE-2024-12085
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a flaw in
the way rsync compares file checksums, allowing a remote attacker to
trigger an information leak.
CVE-2024-12086
Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a flaw
which would result in a server leaking contents of an arbitrary file
from the client’s machine.
CVE-2024-12087
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a path
traversal vulnerability in the rsync daemon affecting the
–inc-recursive option, which could allow a server to write files
outside of the client’s intended destination directory.
CVE-2024-12088
Simon Scannell, Pedro Gallegos and Jasiel Spelman reported that when
using the –safe-links option, rsync fails to properly verify if a
symbolic link destination contains another symbolic link with it,
resulting in path traversal and arbitrary file write outside of the
desired directory.
CVE-2024-12747
Aleksei Gorban “loqpa” discovered a race condition when handling
symbolic links resulting in an information leak which may enable
escalation of privileges.
Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS
responses. A remote attacker could use this issue to cause HPLIP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host’s file system.
USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
Original advisory details:
Neil McPhail discovered that snapd did not properly restrict writes to
the /home/jslarraz/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)
Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)
Zeyad Gouda discovered that snapd failed to properly check the
destination of symbolic links when extracting a snap. An attacker who
could convince a user to install a malicious snap containing crafted
symbolic links could then cause snapd to write out the contents of the
symbolic link destination into a world-readable directory. This in-turn
could allow a local unprivileged user to gain access to privileged
information. (CVE-2024-29069)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, which could lead to an integer
overflow. If a user or application were tricked into opening a crafted XML
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2886.
stb-0-0.50.20241002git31707d1.el8
Add another patch for the root cause of CVE-2021-45340. We already have a patch for CVE-2021-45340, but adding this new patch may prevent a related, unproven exploit as described in https://github.com/nothings/stb/pull/1454#issuecomment-2581308033.
Several vulnerabilities were discovered in OpenAFS, an implementation of
the AFS distributed filesystem, which may result in theft of credentials
in Unix client PAGs (CVE-2024-10394), fileserver crashes and information
leak on StoreACL/FetchACL (CVE-2024-10396) or buffer overflows in XDR
responses resulting in denial of service and potentially code execution
(CVE-2024-10397).
