Dear all,

As you may have heard through other channels, six vulnerabilities have been 
identified in RSYNC:
https://vulnerability.circl.lu/bundle/d938dc28-6877-40db-ad5f-25f3051288e6

We would like to note that two of the vulnerabilities affect rsync servers, but 
the RIPE NCC RPKI RSYNC repository was not affected by these vulnerabilities.

The RIPE NCC RRDP and RSYNC repositories are operated independently, taking their 
data from a common internal source. Therefore, issues with one protocol cannot 
affect the other protocol. As mentioned, the RIPE NCC RSYNC server was not 
affected, but even if it had been, any issues would not have affected the 
content of the RRDP repository.

The other vulnerabilities affect rsync clients. RPKI validators have a 
preference for retrieving RPKI data using the RRDP (HTTPS based) protocol, but 
fall back to RSYNC if RRDP is unavailable. 

If you operate an RPKI validator, we recommend that you either:
- Upgrade your rsync client to 3.4.1 (or higher when available); or
- Upgrade your rsync client to a patched version provided by your OS vendor; or
- Look into using openrsync.

Kind regards,

Tim Bruijnzeels
Principal Engineer RPKI
RIPE NCC
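
One way to check a validator host against the recommendation above (an added example, not part of the original message): the script reads the `rsync --version` banner and compares it with 3.4.1. The banner formats it parses and the result labels are assumptions; a version below 3.4.1 is reported as `check-vendor-patch` rather than as vulnerable, because OS vendors may backport fixes without changing the upstream version number.

```shell
#!/bin/sh
# Added example, not from the original message. The threshold is the one the
# advisory recommends; banner formats and result labels are assumptions.
MIN_VERSION="3.4.1"

# version_ge A B: succeed when dotted version A >= B (up to three numeric fields).
version_ge() {
    IFS=. read -r a1 a2 a3 <<EOF
$1
EOF
    IFS=. read -r b1 b2 b3 <<EOF
$2
EOF
    for pair in "${a1:-0}:${b1:-0}" "${a2:-0}:${b2:-0}" "${a3:-0}:${b3:-0}"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# classify_banner BANNER: print openrsync | ok | check-vendor-patch | unknown.
classify_banner() {
    banner=$1
    case $banner in
        *openrsync*) echo "openrsync"; return 0 ;;   # third option in the advisory
    esac
    # Pull the first "rsync  version X.Y[.Z]" field; an optional "v" prefix is tolerated.
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^rsync  *version v\{0,1\}\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$MIN_VERSION"; then
        echo "ok"
    else
        # Older upstream number: confirm the OS vendor package carries the fixes.
        echo "check-vendor-patch"
    fi
}

# Report on the rsync client found in PATH, if there is one.
if command -v rsync >/dev/null 2>&1; then
    echo "rsync client: $(classify_banner "$(rsync --version 2>&1 || true)")"
fi
```

Run it as the user the RPKI validator runs as, so that the `rsync` found in `PATH` is the one the validator would invoke on fallback.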