A vulnerability in rsync might allow remote attackers to execute arbitrary commands.
|Package||net-misc/rsync on all architectures|
|Affected versions||< 3.1.3|
|Unaffected versions||>= 3.1.3|
File transfer program to keep remote files into sync.
A vulnerability was discovered in rsync’s parse_arguments function in options.c.
Remote attackers could possibly execute arbitrary commands with the privilege of the process.
There is no known workaround at this time.
All rsync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.1.3"
May 08, 2018
May 08, 2018: 1