| Walt Mankowski via plug on 28 Jan 2025 17:03:56 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] rsync flaws |
Ubuntu 24.10 finally got the security fixes for rsync today: https://lists.ubuntu.com/archives/ubuntu-security-announce/2025-January/008947.html On Thu, Jan 16, 2025 at 09:37:41PM -0500, Walt Mankowski via plug wrote: > Actually Ubuntu 24.10, which has rsync 3.0.0, hasn't been patched yet. > > On Thu, Jan 16, 2025 at 08:24:12PM -0500, Steve Litt via plug wrote: > > Void Linux also fixed it. > > > > Walt Mankowski via plug said on Wed, 15 Jan 2025 13:57:19 -0500 > > > > >Thanks for posting this. There's already a fix out for ubuntu that I'm > > >getting ready to install on some servers I maintain. > > > > > >Walt > > > > > >On Wed, Jan 15, 2025 at 10:16:50AM -0500, jeffv via plug wrote: > > >> Google Cloud Researchers Uncover Flaws in Rsync File Synchronization > > >> Tool > > >> > > >> https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html > > >> > > >> As many as six security vulnerabilities have been disclosed in the > > >> popular Rsync file-synchronizing tool for Unix systems, some of > > >> which could be exploited to execute arbitrary code on a client. > > >> > > >> "Attackers can take control of a malicious server and read/write > > >> arbitrary files of any connected client," the CERT Coordination > > >> Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH > > >> keys, can be extracted, and malicious code can be executed by > > >> overwriting files such as ~/.bashrc or ~/.popt." > > >> ___________________________________________________________________________ > > >> Philadelphia Linux Users Group > > >> -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > > >> General Discussion > > >> -- http://lists.phillylinux.org/mailman/listinfo/plug > > >___________________________________________________________________________ > > >Philadelphia Linux Users Group > > >-- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > > >General Discussion > > >-- http://lists.phillylinux.org/mailman/listinfo/plug > > > > > > SteveT > > > > Steve Litt > > > > http://444domains.com > > ___________________________________________________________________________ > > Philadelphia Linux Users Group -- http://www.phillylinux.org > > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug