Addressing CVE-2024-12084 & CVE-2024-12085 vulnerabilities in TPCF

Article ID: 389961

Updated On: 03-11-2025

Products

VMware Tanzu Application Service, VMware Tanzu Application Service for VMs

Issue/Introduction

CVE-2024-12084 (remote heap overflow) and CVE-2024-12085 (remote data disclosure) are triggered when rsync is used as a server rather than as a client.

For details, refer to the pages below:

Resolution

These vulnerabilities were introduced in rsync v3.2.7. 

In Jammy stemcells prior to v1.719, the vulnerability is present, but we are not affected because we do not run the rsync daemon. Jammy stemcell v1.719+ has the fix.

The patches for cflinuxfs4 are in TPCF v4.0.33+, TPCF v6.0.13+ and TPCF v10.0.3+, which address these critical CVEs.