Rsync < 3.4.3 Integer Overflow Information Disclosure
...
Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
...
[slackware-security] rsync
New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.3-i586-1slack15.0.txz: Upgraded. This update fixes security issues: TOCTOU symlink race condition allowing local privilege...
[SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rsync vulnerabilities (USN-8283-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8283-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...
Slackware Linux 15.0 / current rsync Multiple Vulnerabilities (SSA:2026-141-02)
The version of rsync installed on the remote host is prior to 3.4.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-141-02 advisory. New rsync packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the daemon file handling. An attacker can create or overwrite arbitrary files by replacing parent directory components with symbolic links during the window between validation and use...
[SECURITY] [DLA 4591-1] rsync security update
Debian LTS Advisory DLA-4591-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz May 20, 2026 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 6282-1] rsync security update
Debian Security Advisory DSA-6282-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2026 https://www.debian.org/security/faq ...
ALPINE-CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
CVE-2026-29518
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...
USN-8283-1 rsync vulnerabilities
Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.1...
USN-8283-1: rsync vulnerabilities
Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.1...
RHSA-2026:19368 Red Hat Security Advisory: rsync security update
Bulletin has no description...
RHSA-2026:19152 Red Hat Security Advisory: rsync security update
Bulletin has no description...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the compressed-token decoder process. An attacker can access sensitive memory contents, including environment variables, passwords, heap and stack data, and library memory pointers, by sending speciall...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via the timing window between path resolution and syscall execution in operations such as chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat. An attacker...