Post Syndicated from daroc original https://lwn.net/Articles/1005129/

Nick Tait
announced on the
oss-security mailing list that

rsync, the widely used file transfer program, had a number of serious vulnerabilities.
Users can mitigate all six vulnerabilities by upgrading to
version 3.4.0, which was

released on January 14. While all users should upgrade, servers that use rsyncd are
especially impacted:

In the most severe CVE, an attacker only requires
anonymous read access to a rsync server, such as a public mirror, to
execute arbitrary code on the machine the server is running on.