Six vulnerabilities discovered in rsync
Date:
Wed, 15 Jan 2025 14:19:13 +0000
Description:
Nick Tait announced on the
oss-security mailing list that rsync , the widely used file transfer program, had a number of serious vulnerabilities.
Users can mitigate all six vulnerabilities by upgrading to
version 3.4.0, which was released on January 14. While all users should upgrade, servers that use rsyncd are
especially impacted: In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to
execute arbitrary code on the machine the server is running on.
======================================================================
Link to news story:
https://lwn.net/Articles/1005129/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)