Key Information

Vulnerability Overview

Type/Severity: Security Advisory - Moderate
Subject: Security update for rsync, applicable to Red Hat Enterprise Linux 9.

Description

Security Fixes:
- CVE-2024-12087: Path traversal vulnerability in rsync.
- CVE-2024-12088: Path traversal via bypassing rsync's --safe-links option.
- CVE-2024-12747: Race condition when rsync handles symbolic links.

Affected Products

- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 aarch64

Remediation

- BZ-2330672: CVE-2024-12087 rsync path traversal vulnerability.
- BZ-2330676: CVE-2024-12088 rsync --safe-links option bypass leading to path traversal.
- BZ-2332968: CVE-2024-12747 race condition in rsync when handling symbolic links.
- RHEL-18226: /usr/share/doc/rsync/support/trrsync is insecure.
- RHEL-67742: rsync reports incorrect progress when using copy-devices.
- RHEL-70265: Upgrade rsync to version 3.2.5.

References

- Red Hat Security Update Classification
- Red Hat Enterprise Linux 9 Release Notes