File _patchinfo of Package patchinfo.37073
<patchinfo incident="37073">
  <issue tracker="cve" id="2024-12747"/>
  <issue tracker="bnc" id="1235475">VUL-0: CVE-2024-12747: rsync: Race Condition in rsync Handling Symbolic Links</issue>
  <issue tracker="bnc" id="1234100">VUL-0: CVE-2024-12084: rsync: Heap Buffer Overflow in Checksum Parsing</issue>
  <issue tracker="bnc" id="1234101">VUL-0: CVE-2024-12085: rsync: Info Leak via uninitialized Stack contents defeats ASLR</issue>
  <issue tracker="bnc" id="1234102">VUL-0: CVE-2024-12086: rsync: server leaks arbitrary client files</issue>
  <issue tracker="bnc" id="1234103">VUL-0: CVE-2024-12087: rsync: server can make client write files outside of destination directory using symbolic links</issue>
  <issue tracker="bnc" id="1234104">VUL-0: CVE-2024-12088: rsync: --safe-links bypass</issue>
  <issue tracker="bnc" id="1235895">updated rsync fails as server</issue>
  <issue tracker="cve" id="2024-12084"/>
  <issue tracker="cve" id="2024-12085"/>
  <issue tracker="cve" id="2024-12086"/>
  <issue tracker="cve" id="2024-12087"/>
  <issue tracker="cve" id="2024-12088"/>
  <packager>ayankov</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rsync</summary>
  <description>This update for rsync fixes the following issues:

- CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100)
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475)
</description>
</patchinfo>