The latest and greatest news from the Arch Linux distribution.
(https://archlinux.org/news/critical-rsync-security-release-340/) Critical rsync security release 3.4.0
Jan 16th 2025, 16:33
We'd like to raise awareness about the rsync security release version 3.4.0-1 as described in our advisory (https://security.archlinux.org/ASA-202501-1) ASA-202501-1.
An attacker only requires anonymous read access to a vulnerable rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.
Additionally, attackers can take control of an affected server and read/write arbitrary files of any connected client.
Sensitive data can be extracted, such as OpenPGP and SSH keys, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.
We highly advise anyone who runs an rsync daemon or client prior to version 3.4.0-1 to upgrade and reboot their systems immediately.
As Arch Linux mirrors are mostly synchronized using rsync, we highly advise any mirror administrator to act immediately, even though the hosted package files themselves are cryptographically signed.
All infrastructure servers and mirrors maintained by Arch Linux have already been updated.
https://archlinux.org/news/critical-rsync-security-release-340/
Toda la información y las últimas novedades del software libre las puedes encontrar en (http://ubuntuleon.com) ubuntuleon.com
(https://blogtrottr.com/unsubscribe/nx2/dCCZZN) unsubscribe from this feed
0 comentarios:
Publicar un comentario