Rsync Security Vulnerability

Hey everyone :wave:

Rsync is a Linux utility used to sync files between remote and local servers. This tool – which is the standard utility used to power things like cloning and backups across the cloud industry – was discovered to contain 6 serious vulnerabilities that can allow hackers to access your files.

Note: If you have the latest version of the RunCloud Agent running on your server and have security updates enabled in your settings – Rsync should have already been updated to the latest version. We encourage you to check the Rsync version as outlined below.

Note: If you are running a version of Linux older than 22.04 LTS, then you should not be affected by this vulnerability.

To check your Rsync version, run the following command:

apt list --installed | grep rsync

To subsequently update your Rsync version, you can do so by running the following command:

apt-get update && unattended-upgrade -d

After the update, rerun the following command:

apt list --installed | grep rsync

If the update process was successful, your Rsync version should be updated to one of the following:

  • For Ubuntu 24.04: 3.2.7-1ubuntu1.1
  • For Ubuntu 22.04: 3.2.7-0ubuntu0.22.04.3

For more information related to this vulnerability, please refer to: CVE-2024-12084 | Ubuntu

Note: This is a third-party vulnerability relating to Linux itself, not RunCloud. The purpose of this announcement is to protect you and allow you to secure your servers. Rsync is a widely used utility used by virtually every Linux-based cloud platform. While most may simply choose not to notify their users of the vulnerability to avoid causing alarm, we believe in keeping you up to date and allowing you to decide what actions to take.

Thank you for choosing RunCloud. :handshake:

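The version check described in the post, scripted as an added example (not part of the original announcement and not RunCloud's own tooling). The fixed versions are the two listed above; the function names and the `--host` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify an rsync package version against the fixed
# versions listed in the announcement.

# Fixed package version per Ubuntu release (values taken from the post).
fixed_version_for() {
    case "$1" in
        24.04) echo "3.2.7-1ubuntu1.1" ;;
        22.04) echo "3.2.7-0ubuntu0.22.04.3" ;;
        *)     return 1 ;;   # release not listed in the post
    esac
}

# version_ge A B: succeed when package version A is at least B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for hosts without dpkg: sort -V approximates the ordering.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# rsync_status RELEASE INSTALLED: prints patched, outdated or unlisted.
rsync_status() {
    fixed=$(fixed_version_for "$1") || { echo "unlisted"; return 0; }
    if version_ge "$2" "$fixed"; then echo "patched"; else echo "outdated"; fi
}

# check_host: read this machine's release and rsync version, then classify.
check_host() {
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID") || release="unknown"
    installed=$(dpkg-query -W -f='${Version}' rsync 2>/dev/null) || installed=""
    [ -n "$installed" ] || { echo "rsync: not installed"; return 0; }
    echo "rsync $installed on $release: $(rsync_status "$release" "$installed")"
}

# Inspect the local machine only when called with --host, so the functions
# can also be sourced and run against constructed version strings.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

A result of `unlisted` means only that the release is not one of the two named in the post.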