MidnightBSD

Advisories for almalinux

CVE-2024-12084

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
almalinux almalinux 10.0
novell suse_linux -
nixos nixos 24.11
nixos nixos *
archlinux arch_linux -
samba rsync 3.3.0
samba rsync 3.2.7
tritondatacenter smartos *
gentoo linux -
redhat enterprise_linux 10.0
CVE-2024-12085

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 9.6
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
almalinux almalinux 8.0
gentoo linux -
redhat enterprise_linux_update_services_for_sap_solutions 9.0
almalinux almalinux 10.0
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
redhat enterprise_linux_server_aus 9.6
redhat openshift_container_platform 4.13
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux_update_services_for_sap_solutions 8.6
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat openshift 5.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.0_ppc64le
redhat enterprise_linux_server 7.0
redhat enterprise_linux_update_services_for_sap_solutions 9.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_for_arm_64 9.2_aarch64
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
nixos nixos *
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat openshift_container_platform 4.15
redhat openshift_container_platform 4.17
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
tritondatacenter smartos *
redhat enterprise_linux_eus 8.8
redhat enterprise_linux 9.0
almalinux almalinux 9.0
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4_ppc64le
redhat openshift_container_platform 4.12
redhat enterprise_linux_server_aus 9.4
archlinux arch_linux -
redhat enterprise_linux_for_arm_64 9.0_aarch64
suse suse_linux -
redhat enterprise_linux_update_services_for_sap_solutions 8.4
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_server_tus 8.8
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8_ppc64le
redhat enterprise_linux_for_power_little_endian 8.8_ppc64le
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
samba rsync *
redhat openshift_container_platform 4.16
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat openshift_container_platform 4.14
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux_server_tus 8.6
CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N 1.6 4.0

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
nixos nixos *
samba rsync *
redhat openshift_container_platform 4.0
tritondatacenter smartos *
almalinux almalinux 8.0
gentoo linux -
redhat enterprise_linux 9.0
almalinux almalinux 9.0
almalinux almalinux 10.0
redhat enterprise_linux 6.0
archlinux arch_linux -
suse suse_linux -
redhat enterprise_linux 8.0
redhat enterprise_linux 10.0
CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 9.6
nixos nixos *
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
tritondatacenter smartos *
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
almalinux almalinux 8.0
gentoo linux -
redhat enterprise_linux 9.0
almalinux almalinux 9.0
almalinux almalinux 10.0
archlinux arch_linux -
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_arm_64 9.0_aarch64
suse suse_linux -
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
samba rsync *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux 8.0
redhat enterprise_linux_update_services_for_sap_solutions 9.6
CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6
secalert@redhat.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
redhat enterprise_linux_eus 9.6
nixos nixos *
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.6_ppc64le
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
tritondatacenter smartos *
redhat enterprise_linux_for_ibm_z_systems_eus 9.6_s390x
almalinux almalinux 8.0
gentoo linux -
redhat enterprise_linux 9.0
almalinux almalinux 9.0
almalinux almalinux 10.0
archlinux arch_linux -
redhat enterprise_linux_server_aus 9.6
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
samba rsync *
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.6_ppc64le
redhat openshift_container_platform 4.0
redhat enterprise_linux_for_arm_64 8.0_aarch64
novell suse_linux -
redhat enterprise_linux 6.0
redhat discovery 1.14
redhat enterprise_linux_for_arm_64_eus 9.6_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux 8.0
redhat enterprise_linux_update_services_for_sap_solutions 9.6
redhat enterprise_linux 10.0
CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
openbsd openssh 8.6
netapp a400_firmware -
netapp a700s_firmware -
netapp active_iq_unified_manager -
netapp 500f_firmware -
netapp a1k_firmware -
netapp ontap 9
netapp c400_firmware -
suse linux_enterprise_micro 6.0
amazon linux_2023 -
freebsd freebsd 13.2
netapp c800_firmware -
netapp 8300_firmware -
sonicwall sma_6200_firmware -
netapp bootstrap_os -
canonical ubuntu_linux 22.04
netapp e-series_santricity_os_controller *
sonicwall sra_ex_7000_firmware -
sonicwall sma_7210_firmware -
netapp 8700_firmware -
netapp a9500_firmware -
redhat openshift_container_platform 4.0
netapp a70_firmware -
canonical ubuntu_linux 24.04
debian debian_linux 12.0
netapp ontap_tools 10
netapp a900_firmware -
amazon amazon_linux 2023.0
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
netapp c250_firmware -
netbsd netbsd *
freebsd freebsd 14.0
apple macos *
netapp fas2750_firmware -
netapp ontap_tools 9
openbsd openssh *
redhat enterprise_linux 9.0
almalinux almalinux 9.0
netapp ontap_select_deploy_administration_utility -
netapp a90_firmware -
redhat enterprise_linux_server_aus 9.4
freebsd freebsd 14.1
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
netapp c190_firmware -
canonical ubuntu_linux 22.10
netapp a800_firmware -
sonicwall sma_7200_firmware -
openbsd openssh 8.5
netapp a250_firmware -
netapp fas2820_firmware -
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
openbsd openssh 4.4
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
netapp a220_firmware -
netapp fas2720_firmware -
sonicwall sma_8200v_firmware -
arista eos *
freebsd freebsd 13.3
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
sonicwall sma_6210_firmware -
redhat enterprise_linux_eus 9.4
netapp a150_firmware -
canonical ubuntu_linux 23.04
canonical ubuntu_linux 23.10