**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 17:53

**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 17:53

æʃliŋ, loaf of autismo @aescling@cat.family

May 20, 2026, 17:53

æʃliŋ, loaf of autismo @aescling@cat.family

rsync CVEs, huh

**Vaporeon ☭** @vaporeon_@glaceon.social · May 20, 2026, 22:51

**Vaporeon ☭** @vaporeon_@glaceon.social · May 20, 2026, 22:51

May 20, 2026, 22:51

Vaporeon ☭ @vaporeon_@glaceon.social

@aescling Do I need to do anything about it? If I've an SSH server and rsync?

**æʃliŋ, loaf of autismo** @aescling@cat.family · 2026-05-20T22:54:31Z

æʃliŋ, loaf of autismo @aescling@cat.family

@vaporeon_ i’m tempted to say not necessarily; most of the issues are with the client being able to be tricked by a misbehaving server (or proxy)

May 20, 2026, 22:54 · · · ·

**Vaporeon ☭** @vaporeon_@glaceon.social · May 20, 2026, 22:55

**Vaporeon ☭** @vaporeon_@glaceon.social · May 20, 2026, 22:55

May 20, 2026, 22:55

Vaporeon ☭ @vaporeon_@glaceon.social

@aescling Ah, OK, so if I only regularly rsync between my own computers, then things are fine, even if one of those computers and its sshd is exposed to the global Internet?

**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 22:56

**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 22:56

May 20, 2026, 22:56

æʃliŋ, loaf of autismo @aescling@cat.family

@vaporeon_ that is what it seemed like to me

**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 22:55

**æʃliŋ, loaf of autismo** @aescling@cat.family · May 20, 2026, 22:55

May 20, 2026, 22:55

æʃliŋ, loaf of autismo @aescling@cat.family

@vaporeon_ you can get the server to leak purrivate info like environment variables, but if you’re only running the dæmon behind SSH then you have way bigger purroblems if somebody is successfully taking advantage of that

Resources

Developers

What is Mastodon?

cat.family

More…