CLSA-2025-1738632106

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1738632106.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1738632106
Upstream
Published
2025-02-04T01:21:52Z
Modified
2026-06-01T00:32:57.794956218Z
Summary
rsync: Fix of 2 CVEs
Details
  • CVE-2024-12086: fix infoleak when connect to malicious server
  • CVE-2024-12088: properly verify if a symbolic link destination contains another symbolic link within it when using the '--safe-links' option
References

Affected packages

TuxCare:CentOS-Stream:8 / rsync

Package

Name
rsync
Purl
pkg:rpm/tuxcare/rsync?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.3-19.el8.1.tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1738632106.json"

TuxCare:CentOS-Stream:8 / rsync-daemon

Package

Name
rsync-daemon
Purl
pkg:rpm/tuxcare/rsync-daemon?distro=centos-stream-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.3-19.el8.1.tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2025-1738632106.json"