Subj : Six vulnerabilities discovered in rsync
To   : All
From : LWN.net
Date : Wed Jan 15 2025 14:30:04

Six vulnerabilities discovered in rsync

Date:
Wed, 15 Jan 2025 14:19:13 +0000

Description:
Nick Tait announced on the
oss-security mailing list that rsync , the widely used file transfer program, 
had a number of serious vulnerabilities.
Users can mitigate all six vulnerabilities by upgrading to
version 3.4.0, which was released on January 14. While all users should 
upgrade, servers that use rsyncd are
especially impacted: In the most severe CVE, an attacker only requires
anonymous read access to a rsync server, such as a public mirror, to
execute arbitrary code on the machine the server is running on.

======================================================================
Link to news story:
https://lwn.net/Articles/1005129/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.