"Rsync remote code execution" Message during SW upgrading

gipsyshadow · January 22, 2025, 6:50pm

I’m running Ubuntu 22.04 LTE and a couple of days ago I saw this
Rsync remote code execution

Patches available for rsync vulnerabilities, including a potential RCE,
tracked by CVE-2024-12084 through CVE-2024-12088 and CVE-2024-12747.
For more see: https://ubuntu.com/blog/rsync-remote-code-execution

in my SW upgrading window. It’s the first time I see this “News” box so I just want to ask you if anything I’d point my attention to happened, I mean if I’d do something or just click OK to download my upgradings as usual.
Thanks in advance.

ian-weisser · January 22, 2025, 7:57pm

I think the linked blog post explains the issue well.

rubi1200 · January 22, 2025, 8:04pm

@gipsyshadow Welcome to Ubuntu Discourse

From time to time, you might see extra information like this for certain packages.

As @ian-weisser mentioned, all the relevant points are in the blog post.

In a nutshell, it is safe to download and install.

The security teams work very hard to make sure Ubuntu users are protected from vulnerabilities.