Resolves: RHEL-152527 - CVE-2025-10158 Out of bounds array access via negative index
This commit is contained in:
parent: beb58c56fe
commit: ec67dc569f
27
rsync-3.4.1-cve-2025-10158.patch
Normal file
@ -0,0 +1,27 @@
From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Sat, 23 Aug 2025 17:26:53 +1000
Subject: [PATCH] fixed an invalid access to files array
this was found by Calum Hutton from Rapid7. It is a real bug, but
analysis shows it can't be leverged into an exploit. Worth fixing
though.
Many thanks to Calum and Rapid7 for finding and reporting this
---
sender.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/sender.c b/sender.c
index a4d46c39e..b1588b701 100644
--- a/sender.c
+++ b/sender.c
@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
if (ndx - cur_flist->ndx_start >= 0)
file = cur_flist->files[ndx - cur_flist->ndx_start];
+ else if (cur_flist->parent_ndx < 0)
+ exit_cleanup(RERR_PROTOCOL);
else
file = dir_flist->files[cur_flist->parent_ndx];
if (F_PATHNAME(file)) {
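Review bot: the new `else if (cur_flist->parent_ndx < 0)` branch only rejects a negative index before `file = dir_flist->files[cur_flist->parent_ndx];` is evaluated; nothing in this hunk checks `parent_ndx` against the upper bound of `dir_flist`, so if an oversized value can reach this point the same line still reads past the array. Either add the symmetric upper-bound check here or state in the commit message where that bound is already enforced, so the reader does not have to trace it. Exiting with `exit_cleanup(RERR_PROTOCOL)` is the right outcome for the negative case, since an index the sender cannot resolve means the peer sent an inconsistent file-list reference rather than a local fault. Minor: "leverged" in the embedded commit message should read "leveraged".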
@ -9,7 +9,7 @@
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.4.1
Release: 3%{?prerelease}%{?dist}
Release: 4%{?prerelease}%{?dist}
URL: https://rsync.samba.org/
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -46,6 +46,7 @@ Patch1: rsync-3.2.2-runtests.patch
# creating rrsync.1.md would require commonmark, we copy it instead
Patch2: rsync-3.4.1-rrsync-man.patch
Patch3: rsync-3.4.1-ssh-askpass.patch
Patch4: rsync-3.4.1-cve-2025-10158.patch
%description
Rsync uses a reliable algorithm to bring remote and host files into
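Review bot: `Patch4: rsync-3.4.1-cve-2025-10158.patch` carries no origin comment, whereas `Patch2` above is preceded by one explaining why it exists. Since this patch is a backport of upstream commit 797e17fc4a6f15e3b1756538a9f812b63942686f (the From line of the new patch file), a one-line comment naming that commit and CVE-2025-10158 next to the `Patch4:` line would let the provenance be audited from the spec alone, without opening the patch.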
@ -88,6 +89,7 @@ may be used to setup a restricted rsync users via ssh logins.
%patch 1 -p1 -b .runtests
%patch 2 -p1 -b .rrsync
%patch 3 -p1 -b .ssh-askpass
%patch 4 -p1 -b .cve-2025-10158
%build
%configure \
@ -145,6 +147,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%systemd_postun_with_restart rsyncd.service
%changelog
* Mon Apr 13 2026 Michal Ruprich <mruprich@redhat.com> - 3.4.1-4
- Resolves: RHEL-152527 - CVE-2025-10158 Out of bounds array access via negative index
* Thu Oct 09 2025 Michal Ruprich <mruprich@redhat.com> - 3.4.1-3
- Resolves: RHEL-118549 - Do not clear DISPLAY unconditionally