rsync critical vulnerability

14 Jan 2025


      Hi all,
as a mirror admin mirroring various Linux distributions I am getting
warnings about critical rsync vulnerability described here:
https://kb.cert.org/vuls/id/952657 .
The message to Debian mirrors says that affected versions are rsync >= 3.2.7,
while I run my mirror on Alma9, which has 3.2.3, so I presume it is not
affected (also the above link lists Alma9 as not affected).
Just a heads-up, check your rsync versions.
Cheers,
-Yenya (ftp.fi.muni.cz Fedora Tier0 mirror admin)
-- 
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| https://www.fi.muni.cz/~kas/                        GPG: 4096R/A45477D5 |
    We all agree on the necessity of compromise. We just can't agree on
    when it's necessary to compromise.                     --Larry Wall

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

rsync critical vulnerability