Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only

  • 1.  Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Thu January 16, 2025 05:14 AM

    Hi AIX OpenSource-Team,

    please update rsync, because of various security issues:

    AIX-Toolbox:
    3.3.0

    AFFECTED VERSIONS:
    rsync < 3.4.0

    • CVE-2024-12084 -⁠ Heap Buffer Overflow in Checksum Parsing.

    • CVE-2024-12085 -⁠ Info Leak via uninitialized Stack contents defeats ASLR.

    • CVE-2024-12086 -⁠ Server leaks arbitrary client files.

    • CVE-2024-12087 -⁠ Server can make client write files outside of destination directory using symbolic links.

    • CVE-2024-12088 -⁠ -⁠-⁠safe-⁠links Bypass.

    • CVE-2024-12747 -⁠ symlink race condition.

    https://download.samba.org/pub/rsync/NEWS#3.4.0



    ------------------------------
    Tobias Schröer
    ------------------------------

    #AIXOpenSource


  • 2.  RE: Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Fri January 17, 2025 01:52 AM

    Hi Tobias,

    Thank you for bringing this up.
    We are prioritising rsync update and will update you as soon as possible.

    Regards,
    Shubham



    ------------------------------
    Shubham Gupta
    ------------------------------

    Original Message


  • 3.  RE: Security Advisory rsync - Update to 3.4.0 or higher needed

    Posted Fri January 24, 2025 01:08 PM

    rsync-3.4.1-1.aix7.1.ppc.rpm is now available in AIX Toolbox. Please use dnf to update to this version.



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


Related Content