rsync.project
2025-Jan-14 19:49 UTC
[rsync-announce] new release 3.4.0 - critical security release
We have just released version 3.4.0 of rsync. This release fixes 6 security vulnerabilities found by two groups of security researchers. You can find the new release links here: - https://rsync.samba.org/ - https://download.samba.org/pub/rsync/src/ For details on the vulnerabilities please see this CERT advisory: https://kb.cert.org/vuls/id/952657 The various distros should be doing security releases today Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to develop and test fixes. Also many thanks to Wayne Davison for assisting with the release process as this is the first release I've done since 2002 when Wayne took over as the rsync maintainer. Andrew Tridgell rsync maintainer (again!) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.samba.org/pipermail/rsync-announce/attachments/20250115/6b953bcd/attachment.htm>
Charalampos Mitrodimas
2025-Jan-14 20:00 UTC
new release 3.4.0 - critical security release
"rsync.project via rsync" <rsync at lists.samba.org> writes:> We have just released version 3.4.0 of rsync. This release fixes 6 security vulnerabilities found by two > groups of security researchers. > > You can find the new release links here: > > - https://rsync.samba.org/ > - https://download.samba.org/pub/rsync/src/ > > For details on the vulnerabilities please see this CERT advisory: > > https://kb.cert.org/vuls/id/952657The vulnerabilities note was only posted today; great job addressing it so quickly C. Mitrodimas> > The various distros should be doing security releases today > Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research > and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to > develop and test fixes. > > Also many thanks to Wayne Davison for assisting with the release process as this is the first release I've > done since 2002 when Wayne took over as the rsync maintainer. > > Andrew Tridgell > rsync maintainer (again!)
rsbecker at nexbridge.com
2025-Jan-14 20:16 UTC
new release 3.4.0 - critical security release
A new dependency was added since 3.3, alloca(), which is not portable. Is there a way around this? Thanks, Randall From: rsync <rsync-bounces at lists.samba.org> On Behalf Of rsync.project via rsync Sent: January 14, 2025 2:49 PM To: rsync-announce at lists.samba.org Cc: rsync at lists.samba.org Subject: new release 3.4.0 - critical security release We have just released version 3.4.0 of rsync. This release fixes 6 security vulnerabilities found by two groups of security researchers. You can find the new release links here: - https://rsync.samba.org/ - https://download.samba.org/pub/rsync/src/ For details on the vulnerabilities please see this CERT advisory: https://kb.cert.org/vuls/id/952657 The various distros should be doing security releases today Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working with the rsync project to develop and test fixes. Also many thanks to Wayne Davison for assisting with the release process as this is the first release I've done since 2002 when Wayne took over as the rsync maintainer. Andrew Tridgell rsync maintainer (again!) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.samba.org/pipermail/rsync/attachments/20250114/8990aa97/attachment.htm>