AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

  • 1.  Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Thu January 16, 2025 05:14 AM

    Hi AIX OpenSource-Team,

    Please update rsync because of various security issues:

    AIX-Toolbox:
    3.3.0

    AFFECTED VERSIONS:
    rsync < 3.4.0

    • CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.

    • CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR.

    • CVE-2024-12086 - Server leaks arbitrary client files.

    • CVE-2024-12087 - Server can make client write files outside of destination directory using symbolic links.

    • CVE-2024-12088 - --safe-links Bypass.

    • CVE-2024-12747 - symlink race condition.

    https://download.samba.org/pub/rsync/NEWS#3.4.0



    ------------------------------
    Tobias Schröer
    ------------------------------


  • 2.  RE: Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Fri January 17, 2025 01:52 AM

    Hi Tobias,

    Thank you for bringing this up.
    We are prioritising the rsync update and will update you as soon as possible.

    Regards,
    Shubham



    ------------------------------
    Shubham Gupta
    ------------------------------



  • 3.  RE: Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Fri January 24, 2025 01:08 PM

    rsync-3.4.1-1.aix7.1.ppc.rpm is now available in AIX Toolbox. Please use dnf to update to this version.



    ------------------------------
    RESHMA KUMAR
    ------------------------------