We are pleased to announce that TrueNAS CORE has a new release specifically to address vulnerabilities identified in Rsync upstream.
Please note that if the Rsync service is disabled in the system, the vulnerability is not exposed. Execution of Rsync tasks does not depend on this service being enabled.
This is a high-priority security release that also incorporates a fix from the unreleased 13.0-U6.5 version:
-
Fix for Fibre Channel command executions getting stuck and negatively impacting system functionality or performance.
-
Updates to the rsync daemon mode to address recent CVEs (NAS-133561).
See the TrueNAS Security Advisories for more details about the CVEs, including the iXsystems response.
Release Notes: https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u66
Download: https://www.truenas.com/download-truenas-core
Documentation: https://www.truenas.com/docs/core/13.0
Thank you for continuing to use TrueNAS. Your feedback is appreciated!
