git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
rsync: fix CVE-2024-12086
author: Archana Polampalli <archana.polampalli@windriver.com>
Thu, 16 Jan 2025 15:15:06 +0000 (15:15 +0000)
committer: Steve Sakoman <steve@sakoman.com>
Wed, 22 Jan 2025 03:13:31 +0000 (19:13 -0800)
commit: 19f4e7bd965c63f19cc756e6e2bf8f58d9e1dc8d
tree: 1e0feaf63a16f7b29e50f52dbde3aec28624b5ab
parent: fb8439e856d5ea10d12180020a14442c3b101e56
rsync: fix CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an
arbitrary file from the client's machine. This issue occurs when files are being
copied from a client to a server. During this process, the rsync server will send
checksums of local data to the client to compare with in order to determine what
data needs to be sent to the server. By sending specially constructed checksum values
for arbitrary files, an attacker may be able to reconstruct the data of those files
byte-by-byte based on the responses from the client.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/rsync/files/CVE-2024-12086-0001.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/files/CVE-2024-12086-0002.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/files/CVE-2024-12086-0003.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/rsync_3.2.7.bb