In case you haven't heard, there is a really nasty CVSS 9.8 bug in Rsync that was discovered by Google. This is definitely one that you want to get patched sooner rather than later. From the communications seen so far, the patched version is 3.4.0.
Take note of the steps below for patching across different Linux distros:
Distros based on Debian (Ubuntu, Debian)
Check the repos for updates:
sudo apt update
Update rsync:
sudo apt install --only-upgrade rsync
After updating, check your version of rsync:
rsync --version
If the version in the repository is outdated, install build dependencies:
sudo apt install build-essential wget libssl-dev -y
Download the latest rsync source code:
wget https://download.samba.org/pub/rsync/src/rsync-3.4.0.tar.gz
Extract the package and compile:
tar -xzf rsync-3.4.0.tar.gz
cd rsync-3.4.0
./configure
make
sudo make install
Finally, once you have installed, verify the rsync version:
rsync --version
Distros based on RHEL (CentOS, Rocky Linux, AlmaLinux, Fedora)
You can use DNF or Yum to update:
sudo yum update rsync
sudo dnf update rsync
Finally, check the version of rsync:
rsync --version
sudo yum install epel-release -y
sudo yum install rsync
Build from Source
If the repository version is still outdated, follow the same steps as in the Debian instructions for compiling from source.
Distros based on Arch (Arch Linux, Manjaro)
If rsync 3.4.0 is not yet in the official Arch repositories, use the AUR (Arch User Repository), or compile it from source as described for the other distros above.
Distros based on SUSE (openSUSE, SLES)
You can update your system packages and update rsync:
sudo zypper refresh
sudo zypper update rsync
Check the version of rsync:
rsync --version
Hopefully, this cheat sheet of update commands and building from source will help those looking to update their rsync environment.
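A single rsync --version only reports the first binary on PATH, and a source build installs under /usr/local by default, so it can sit beside an older packaged /usr/bin/rsync. The script below is an added example, not part of the original post, that checks every rsync on PATH against 3.4.0; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): flag rsync binaries older than
# the patched version named above.
MIN_VERSION="3.4.0"

# Extract "X.Y.Z" from the first line of `rsync --version` output.
parse_rsync_version() {
    printf '%s\n' "$1" | sed -n '1s/^rsync  *version  *\([0-9][0-9.]*\).*/\1/p'
}

# Succeed when version $1 >= version $2, comparing up to three numeric fields.
version_at_least() {
    have=$1 want=$2
    for field in 1 2 3; do
        a=${have%%.*} b=${want%%.*}
        if [ "${a:-0}" -gt "${b:-0}" ]; then return 0; fi
        if [ "${a:-0}" -lt "${b:-0}" ]; then return 1; fi
        case $have in *.*) have=${have#*.} ;; *) have=0 ;; esac
        case $want in *.*) want=${want#*.} ;; *) want=0 ;; esac
    done
    return 0
}

# Print each rsync executable found in the directories listed in PATH.
find_rsync_binaries() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        if [ -x "${dir:-.}/rsync" ]; then printf '%s\n' "${dir:-.}/rsync"; fi
    done
    IFS=$old_ifs
}

# Report OK/UPDATE per binary; return non-zero if any is below MIN_VERSION.
audit_rsync() {
    find_rsync_binaries | (
        status=0
        while IFS= read -r bin; do
            ver=$(parse_rsync_version "$("$bin" --version 2>/dev/null)")
            if [ -n "$ver" ] && version_at_least "$ver" "$MIN_VERSION"; then
                echo "OK      $bin $ver"
            else
                echo "UPDATE  $bin ${ver:-unknown}"; status=1
            fi
        done
        exit "$status"
    )
}

audit_rsync || echo "rsync older than $MIN_VERSION found on PATH" >&2
```

Distro security updates often backport fixes without changing the upstream version number, so an UPDATE line for a packaged binary means checking the distro's advisory for that package, not necessarily rebuilding.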