CLSA-2025-1738632046

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1738632046.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1738632046
Upstream
Published
2025-02-04T01:20:52Z
Modified
2026-06-04T09:46:42.154297621Z
Summary
Fix CVE(s): CVE-2024-12086, CVE-2024-12087, CVE-2024-12088
Details
  • SECURITY UPDATE: possible information leak via checksum comparison
    • debian/patches/CVE-2024-12086.patch: fix info leak when connecting to malicious server
    • CVE-2024-12086
  • SECURITY UPDATE: arbitrary file write via improper symlink verification
    • debian/patches/CVE-2024-12087.patch: fix writing malicious files to arbitrary locations when using '--inc-recursive' option
    • CVE-2024-12087
  • SECURITY UPDATE: arbitrary file write when using '--safe-links' option
    • debian/patches/CVE-2024-12088.patch: properly verify if a symbolic link destination contains another symbolic link within it when using the '--safe-links' option
    • CVE-2024-12088
References

Affected packages

TuxCare:Ubuntu:16.04 / rsync

Package

Name
rsync
Purl
pkg:deb/tuxcare/rsync?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-3ubuntu1.3+tuxcare.els7

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2025-1738632046.json"