File _patchinfo of Package patchinfo.36939
<patchinfo incident="36939">
<issue tracker="bnc" id="1234101">VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR</issue>
<issue tracker="bnc" id="1234102">VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files</issue>
<issue tracker="bnc" id="1234103">VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links</issue>
<issue tracker="bnc" id="1234104">VUL-0: CVE-2024-12088: rsync: --safe-links bypass</issue>
<issue tracker="cve" id="2024-12086"/>
<issue tracker="cve" id="2024-12085"/>
<issue tracker="cve" id="2024-12088"/>
<issue tracker="cve" id="2024-12087"/>
<packager>ayankov</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for rsync</summary>
<description>NOTE: This update was retracted due to a buggy security fix. A follow-up update will be provided.
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks on a client. (bsc#1234104)
</description>
<retracted/>
</patchinfo>