obsolete

rsync-3.4.0-1.fc41

FEDORA-2025-ec87287710 created by mruprich 4 months ago for Fedora 41

New version 3.4.0. Contains fixes for CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747

This update has been submitted for testing by mruprich.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

mruprich edited this update.

4 months ago
User Icon tibbs commented & provided feedback 4 months ago
karma

Just pushed this to my public Fedora mirrors and so far so good. I don't think exploit code is public so I can't test the security fixes but it does function correctly to serve local files and fetch remote ones.

BZ#2338024 rsync-3.4.0 is available

This update's test gating status has been changed to 'passed'.

4 months ago
User Icon imabug provided feedback 4 months ago
karma
User Icon kevin provided feedback 4 months ago
karma

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago
User Icon geraldosimiao provided feedback 4 months ago
karma
User Icon bojan commented & provided feedback 4 months ago
karma

Works.

User Icon vtrefny provided feedback 4 months ago
karma
BZ#2338024 rsync-3.4.0 is available
User Icon besser82 commented & provided feedback 4 months ago
karma

Works great! LGTM! =)

User Icon mruprich commented 4 months ago

This update has been unpushed.

This update has been submitted for testing by mruprich.

4 months ago
User Icon bojan commented & provided feedback 4 months ago

Yeah, 3.4.1 just got released with fixes for the above issues.

This update has been pushed to testing.

4 months ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

4 months ago

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been obsoleted by rsync-3.4.1-1.fc41.

4 months ago

Please login to add feedback.

Metadata
Type
security
Severity
urgent
Karma
6
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Thresholds
Minimum Karma
+2
Minimum Testing
14 days
Dates
submitted
4 months ago
in testing
4 months ago
modified
4 months ago
approved
4 months ago
Builds
1
rsync-3.4.0-1.fc41
BZ#2337963 [Minor Incident] CVE-2024-12084 rsync: Heap Buffer Overflow in Rsync due to Improper Checksum Length Handling [fedora-41]
0
0
BZ#2337969 [Minor Incident] CVE-2024-12085 rsync: Info Leak via Uninitialized Stack Contents [fedora-41]
0
0
BZ#2337974 [Minor Incident] CVE-2024-12086 rsync: rsync server leaks arbitrary client files [fedora-41]
0
0
BZ#2337979 [Minor Incident] CVE-2024-12087 rsync: Path traversal vulnerability in rsync [fedora-41]
0
0
BZ#2337984 [Minor Incident] CVE-2024-12088 rsync: --safe-links option bypass leads to path traversal [fedora-41]
0
0
BZ#2337990 [Minor Incident] CVE-2024-12747 rsync: Race Condition in rsync Handling Symbolic Links [fedora-41]
0
0
BZ#2338024 rsync-3.4.0 is available
0
2
rsync-3.4.0-1.fc41

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-rzvbq.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy