USN-5921-1: rsync vulnerabilities
6 March 2023
rsync could be made to overwrite files.
- rsync - fast, versatile, remote (and local) file-copying tool
Koen van Hove discovered that the rsync client incorrectly validated
filenames returned by servers. If a user or automated system were tricked
into connecting to a malicious server, a remote attacker could use this
issue to write arbitrary files, and possibly escalate privileges.
The problem can be corrected by updating your system to the following package versions:
On Ubuntu 22.04 LTS and Ubuntu 22.10, this update uses a new upstream
release, which includes additional bug fixes. In general, a standard system
update will make all the necessary changes.