Security researchers at Google, namely Pedro Gallegos, Simon Scannell, and Jasiel Spelman, identified vulnerabilities in both the rsync server and client. These vulnerabilities range from extremely concerning to just annoying, and are at different stages of being patched. This blog post will be updated as patches are released by us. The Announcement The server vulnerabilities (CVE-2024-12084 and CVE-2024-12085) can lead to remote code execution (RCE). On the client side, vulnerabilities allow...
