Описание
Security update for rsync
This update for rsync fixes the following issues:
-
CVE-2024-12747: Fixed race condition in handling symbolic links (bsc#1235475)
-
Broken rsyncd after protocol bump, regression reported (bsc#1237187).
-
Bump protocol version to 32 - make it easier to show server is patched.
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
Ссылки
- Link for SUSE-SU-2025:0991-1
- E-Mail link for SUSE-SU-2025:0991-1
- SUSE Security Ratings
- SUSE Bug 1235475
- SUSE Bug 1237187
- SUSE CVE CVE-2024-12747 page
Описание
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.
Затронутые продукты
Ссылки
- CVE-2024-12747
- SUSE Bug 1233760
- SUSE Bug 1235475