A flaw was found in rssh. The client could send the --daemon and --config options to the server and they would be passed through by rssh. Not only does this allow the client to start a daemon listening on the normal rsync port, which is probably not desirable, but various options set in the daemon configuration file specified with --config allow arbitrary code execution. (The most obvious is pre-xfer exec.)
Created rssh tracking bugs for this issue:
Affects: epel-all [bug 1672381]
Affects: fedora-all [bug 1672380]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.