Service toot for sysadmin folks:

There are six vulnerabilities in #rsync, including one with a CVSS of 9.8: "In the most severe CVE, an attacker only requires
anonymous read access to a rsync server, such as a public mirror, to
execute arbitrary code on the machine the server is running on."

Full report of all six vulnerabilities: https://www.openwall.com/lists/oss-security/2025/01/14/3

The most critical vulnerability (CVE-2024-12084) seems to be fixed in Debian Stable atm: https://security-tracker.debian.org/tracker/source-package/rsync

#cybercybercyber #PatchThePlanet
