USN-7206-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7206-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7206-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7206-1

Related

Published

2025-01-14T23:32:20.178648Z

Modified

2025-01-14T23:32:20.178648Z

Summary

Several security issues were fixed in rsync

Details

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync incorrectly handled file checksums. A malicious server could use this to expose arbitrary client files. (CVE-2024-12086)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync mishandled symlinks for some settings. An attacker could exploit this to write files outside the intended directory. (CVE-2024-12087)

Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync failed to verify symbolic link destinations for some settings. An attacker could exploit this for path traversal attacks. (CVE-2024-12088)

Aleksei Gorban discovered a race condition in rsync's handling of symbolic links. An attacker could use this to access sensitive information or escalate privileges. (CVE-2024-12747)

References

Affected packages

Ubuntu:Pro:14.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.0-2ubuntu0.4+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.0-2ubuntu0.4+esm1

Affected versions

3.*

3.0.9-4ubuntu1

3.1.0-2

3.1.0-2ubuntu0.1

3.1.0-2ubuntu0.2

3.1.0-2ubuntu0.3

3.1.0-2ubuntu0.4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.0-2ubuntu0.4+esm1",
            "binary_name": "rsync"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.1-3ubuntu1.3+esm3?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1-3ubuntu1.3+esm3

Affected versions

3.*

3.1.1-3

3.1.1-3ubuntu1

3.1.1-3ubuntu1.1

3.1.1-3ubuntu1.2

3.1.1-3ubuntu1.3

3.1.1-3ubuntu1.3+esm1

3.1.1-3ubuntu1.3+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.1-3ubuntu1.3+esm3",
            "binary_name": "rsync"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.2-2.1ubuntu1.6+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-2.1ubuntu1.6+esm1

Affected versions

3.*

3.1.2-2

3.1.2-2.1

3.1.2-2.1ubuntu1

3.1.2-2.1ubuntu1.1

3.1.2-2.1ubuntu1.2

3.1.2-2.1ubuntu1.3

3.1.2-2.1ubuntu1.4

3.1.2-2.1ubuntu1.5

3.1.2-2.1ubuntu1.6

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.1.2-2.1ubuntu1.6+esm1",
            "binary_name": "rsync"
        }
    ]
}

Ubuntu:20.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.8?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-8ubuntu0.8

Affected versions

3.*

3.1.3-6

3.1.3-8

3.1.3-8ubuntu0.1

3.1.3-8ubuntu0.2

3.1.3-8ubuntu0.3

3.1.3-8ubuntu0.4

3.1.3-8ubuntu0.5

3.1.3-8ubuntu0.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.1.3-8ubuntu0.8",
            "binary_name": "rsync"
        },
        {
            "binary_version": "3.1.3-8ubuntu0.8",
            "binary_name": "rsync-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.2.7-0ubuntu0.22.04.3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-0ubuntu0.22.04.3

Affected versions

3.*

3.2.3-4ubuntu1

3.2.3-4ubuntu2

3.2.3-8ubuntu1

3.2.3-8ubuntu2

3.2.3-8ubuntu3

3.2.3-8ubuntu3.1

3.2.7-0ubuntu0.22.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.2.7-0ubuntu0.22.04.3",
            "binary_name": "rsync"
        },
        {
            "binary_version": "3.2.7-0ubuntu0.22.04.3",
            "binary_name": "rsync-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / rsync

Package

Name: rsync
Purl: pkg:deb/ubuntu/rsync@3.2.7-1ubuntu1.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.7-1ubuntu1.1

Affected versions

3.*

3.2.7-1

3.2.7-1build1

3.2.7-1build2

3.2.7-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.2.7-1ubuntu1.1",
            "binary_name": "rsync"
        },
        {
            "binary_version": "3.2.7-1ubuntu1.1",
            "binary_name": "rsync-dbgsym"
        }
    ]
}