mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
rsync: fix CVE-2025-10158
CVE-2025-10158:
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-10158]
Upstream patch:
[797e17fc4a]
(From OE-Core rev: fe4bea86b27551edbe7440ff47041b6d45b2f4e1)
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Liyin Zhang
Steve Sakoman
parent
cde4ddcfd1
commit
652e8fc3b9
36
meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
Normal file
36
meta/recipes-devtools/rsync/files/CVE-2025-10158.patch
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
From a8fabf850c3c5164520c307199e9abc5ded45e4c Mon Sep 17 00:00:00 2001
|
||||
From: Andrew Tridgell <andrew@tridgell.net>
|
||||
Date: Sat, 23 Aug 2025 17:26:53 +1000
|
||||
Subject: [PATCH] fixed an invalid access to files array
|
||||
|
||||
this was found by Calum Hutton from Rapid7. It is a real bug, but
|
||||
analysis shows it can't be leverged into an exploit. Worth fixing
|
||||
though.
|
||||
|
||||
Many thanks to Calum and Rapid7 for finding and reporting this
|
||||
|
||||
CVE: CVE-2025-10158
|
||||
|
||||
Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]
|
||||
|
||||
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
|
||||
---
|
||||
sender.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/sender.c b/sender.c
|
||||
index a4d46c39..b1588b70 100644
|
||||
--- a/sender.c
|
||||
+++ b/sender.c
|
||||
@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
|
||||
|
||||
if (ndx - cur_flist->ndx_start >= 0)
|
||||
file = cur_flist->files[ndx - cur_flist->ndx_start];
|
||||
+ else if (cur_flist->parent_ndx < 0)
|
||||
+ exit_cleanup(RERR_PROTOCOL);
|
||||
else
|
||||
file = dir_flist->files[cur_flist->parent_ndx];
|
||||
if (F_PATHNAME(file)) {
|
||||
--
|
||||
2.35.5
|
||||
|
||||
|
|
@ -27,6 +27,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
|
|||
file://CVE-2024-12087-0003.patch \
|
||||
file://CVE-2024-12088.patch \
|
||||
file://CVE-2024-12747.patch \
|
||||
file://CVE-2025-10158.patch \
|
||||
"
|
||||
|
||||
SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user