Moderate: rsync security update

🗓️ 13 May 2025 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 4 Views

Rsync security update fixes path traversal vulnerabilities and a race condition in symbolic links

Reporter	Title	Published	Views	Family All 379
FreeBSD	rsync -- Multiple security fixes	14 Jan 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple vulnerabilities	31 Jul 202514:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in rsync [CVE-2024-12747]	28 Aug 202517:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync [ CVE-2024-12087]	28 Aug 202517:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in rsync [CVE-2024-12088]	28 Aug 202517:13	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management	19 Nov 202512:57	–	ibm
ATTACKERKB	CVE-2024-12087	14 Jan 202518:15	–	attackerkb
ATTACKERKB	CVE-2024-12747	14 Jan 202518:15	–	attackerkb
ATTACKERKB	CVE-2024-12088	14 Jan 202518:15	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)	14 Jan 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	9	noarch	rsync-daemon	3.2.5-3.el9	rsync-daemon-3.2.5-3.el9.noarch.rpm
almalinux	9	noarch	rsync-rrsync	3.2.5-3.el9	rsync-rrsync-3.2.5-3.el9.noarch.rpm
almalinux	9	ppc64le	rsync	3.2.5-3.el9	rsync-3.2.5-3.el9.ppc64le.rpm
almalinux	9	aarch64	rsync	3.2.5-3.el9	rsync-3.2.5-3.el9.aarch64.rpm
almalinux	9	x86_64	rsync	3.2.5-3.el9	rsync-3.2.5-3.el9.x86_64.rpm
almalinux	9	s390x	rsync	3.2.5-3.el9	rsync-3.2.5-3.el9.s390x.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2025:7050
access	www.access.redhat.com/security/cve/CVE-2024-12087
access	www.access.redhat.com/security/cve/CVE-2024-12088
access	www.access.redhat.com/security/cve/CVE-2024-12747
bugzilla	www.bugzilla.redhat.com/2330672
bugzilla	www.bugzilla.redhat.com/2330676
bugzilla	www.bugzilla.redhat.com/2332968
errata	www.errata.almalinux.org/9/ALSA-2025-7050.html

02 Jul 2025 13:44Current

7High risk

Vulners AI Score7

CVSS 3.16.5 - 7.5

EPSS0.04575

SSVC

rsync security update path traversal vulnerability race condition symbolic links