Rsync Security Shake-Up: Fixes Arrive Just in Time, No Attacks Yet!

Rsync’s got a lot of computers feeling that syncing feeling with six new CVEs. But fear not! Rsync 3.4.0 swooped in, fixing them quicker than a cat on a laser pointer. Just update, and you’re safe from those pesky vulnerabilities, which are more ancient than dial-up modems.

Hot Take:

Oh, rsync, you magical syncing unicorn! You’ve been around since 1996, galloping across networks with your superpowers, only to be found hiding in the bushes with a heap of vulnerabilities. But worry not, for the knights of cybersecurity have come to the rescue with patches on speed dial!

Key Points:

  • Six vulnerabilities in rsync were announced on January 14, with one rated as critical (CVSS score of 9.8).
  • All flaws are fixed in rsync version 3.4.0, released the day after the announcement, with a further fix in version 3.4.1.
  • Linux distributors, like Canonical, swiftly issued updates for affected systems.
  • Google security researchers and a TikTok pen-tester identified these vulnerabilities.
  • Microsoft’s alternative, Remote Differential Compression, is now a deprecated feature.

The Nimble Nerd