-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-3ec637e6e9 2025-01-21 03:13:12.983923+00:00 -------------------------------------------------------------------------------- Name : rsync Product : Fedora 41 Version : 3.4.1 Release : 1.fc41 URL : https://rsync.samba.org/ Summary : A program for synchronizing files over a network Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. -------------------------------------------------------------------------------- Update Information: New version 3.4.1, a couple of fixes for the 3.4.0 release. New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 16 2025 Michal Ruprich <mruprich@xxxxxxxxxx> - 3.4.1-1 - New version 3.4.1 - a couple of minor fixes for 3.4.0 * Tue Jan 14 2025 Michal Ruprich <mruprich@xxxxxxxxxx> - 3.4.0-1 - New version 3.4.0 - Fix for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086 - Fix for CVE-2024-12087, CVE-2024-12088, CVE-2024-12747 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2337963 - [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337963 [ 2 ] Bug #2337969 - [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337969 [ 3 ] Bug #2337974 - [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337974 [ 4 ] Bug #2337979 - [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337979 [ 5 ] Bug #2337984 - [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337984 [ 6 ] Bug #2337990 - [Minor Incident] CVE-2024-12747 rsync: Race Condition in rsync Handling Symbolic Links [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2337990 [ 7 ] Bug #2338024 - rsync-3.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2338024 [ 8 ] Bug #2338383 - rsync-3.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2338383 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3ec637e6e9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
