new release 3.4.0 - critical security release
Charalampos Mitrodimas
charmitro at posteo.net
Tue Jan 14 20:00:29 UTC 2025
"rsync.project via rsync" <rsync at lists.samba.org> writes:
> We have just released version 3.4.0 of rsync. This release fixes 6 security vulnerabilities found by two
> groups of security researchers.
>
> You can find the new release links here:
>
> - https://rsync.samba.org/
> - https://download.samba.org/pub/rsync/src/
>
> For details on the vulnerabilities please see this CERT advisory:
>
> https://kb.cert.org/vuls/id/952657
The vulnerabilities note was only posted today; great job addressing it
so quickly
C. Mitrodimas
>
> The various distros should be doing security releases today
> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research
> and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to
> develop and test fixes.
>
> Also many thanks to Wayne Davison for assisting with the release process as this is the first release I've
> done since 2002 when Wayne took over as the rsync maintainer.
>
> Andrew Tridgell
> rsync maintainer (again!)
More information about the rsync
mailing list