A vulnerability in rsync might allow remote attackers to execute arbitrary commands.
Package | net-misc/rsync on all architectures |
---|---|
Affected versions | < 3.1.3 |
Unaffected versions | >= 3.1.3 |
File transfer program to keep remote files into sync.
A vulnerability was discovered in rsync’s parse_arguments function in options.c.
Remote attackers could possibly execute arbitrary commands with the privilege of the process.
There is no known workaround at this time.
All rsync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.3"
Release date
May 08, 2018
Latest revision
May 08, 2018: 1
Severity
normal
Exploitable
remote
Bugzilla entries