Jan 15, 2025 at 3:15 PM

Rsync 3.4 has been released with fixes for several critical security vulnerabilities

Version 3.4 of rsync, an open source utility for fast incremental file transfer, has been released to address multiple significant security vulnerabilities. Rsync, commonly used for backing up Linux systems, has been updated not for new features but to fix these critical security issues.

The Google Cloud Vulnerability Research team, along with Aleksei Gorban, identified six vulnerabilities, including a heap buffer overflow, information leak, and server issues that could expose arbitrary client files or allow clients to write files outside the destination directory via symbolic links. Additional vulnerabilities include a safe-links bypass and a symlink race condition.

Beyond these security fixes, version 3.4 includes a few bug fixes and introduces continuous integration builds for FreeBSD and Solaris. The rsync protocol number has also been updated to 32, facilitating server updates in response to these security issues.

Jan 15, 2025 by Paul

MORE ABOUT: #File Sync Tools #File Copy Utilities #rsync

rsync

266

File Sync Tool
Free • Open Source

rsync is a Unix-based software application designed for efficient file and directory synchronization between locations, utilizing delta encoding to minimize data transfer. Notably, it offers a command line interface, schedule backup capabilities, and file-by-file encryption. Rated 4.7, its top alternatives include Syncthing, FreeFileSync, and TeraCopy.

External links

NEWS for rsync 3.4.0 (15 Jan 2025)
rsync • Official source
Rsync 3.4 Released Due To Multiple, Significant Security Vulnerabilities
Phoronix
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
The Hacker News
Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code
Cyber Security News
Critical Flaws in Widely Used Rsync Tool Puts Millions at Risk
CyberInsider

No comments so far, maybe you want to be first?