rsync: Rsync: Use-after-free vulnerability in extended attribute handling

A flaw was found in rsync. When rsync is configured to handle extended attributes using the -X or --xattrs option, a remote attacker can exploit a use-after-free vulnerability. This occurs because the receivexattr function incorrectly processes an untrusted length value during a sorting operation...

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : rsync (RHSA-2026:20601)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20601 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

RHEL 9 : rsync (RHSA-2026:20604)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20604 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

RHEL 9 : rsync (RHSA-2026:20602)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20602 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

RHEL 9 : rsync (RHSA-2026:20603)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20603 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

TencentOS Server 3: rsync (TSSA-2026:0379)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0379 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Security update for rsync

This update for rsync fixes the following issues CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. CVE-2026-43617: Authorization Bypass via Hostname Resolution bsc1264515. CVE-2026-43618: Integer Overflow Information Disclosure bsc1264512. CVE-2026-43620: Out-of-Bounds Array Read via...

CLSA-2026-1779694887 rsync: Fix of CVE-2026-29518

CVE-2026-29518: fix daemon-no-chroot TOCTOU symlink race by tracking per-module chroot in amchrooted, routing sender read-path, receiver basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp...

CLSA-2026-1779694338 rsync: Fix of CVE-2026-29518

CVE-2026-29518: fix daemon-no-chroot sender TOCTOU symlink race by opening source files via securerelativeopen from module root...

Alibaba Cloud Linux 3 : 0131: rsync (ALINUX3-SA-2026:0131)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0131 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41035: In rsync 3.0.1 through 3.4.1,...

rsync-3.4.3-1.1 on GA media (moderate)

rsync-3.4.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10857-1 Rating: moderate Cross-References: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 CVSS scores: CVE-2026-29518 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-29518 SUSE ...

OPENSUSE-SU-2026:10857-1 rsync-3.4.3-1.1 on GA media

These are all security issues fixed in the rsync-3.4.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-43620 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43620 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43619 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1

CVE-2026-45232 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43617 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1

CVE-2026-43618 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1

CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-29518 affecting package rsync for versions less than 3.4.3-1

CVE-2026-29518 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...