rsync path sanitation vulnerability

A vulnerability has been reported in rsync which can potentially be exploited by malicious users to read or write arbitrary files on a vulnerable system. rsync is a software product for keeping files synchronized across multiple systems. It is a network-based program and typically communicates over TCP port 873.

There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. To exploit this flaw, an attacker would need network access to the TCP port. Successful exploitation requires that the rsync daemon is *not* running chrooted.

Since rsync does not advertise its version number and since there are few details about this flaw at this time, this might be a false positive.

Upgrade to rsync 2.6.3 or newer.