4 matches found
CLSA-2026-1779869103 Fix CVE(s): CVE-2024-12086, CVE-2026-29518, CVE-2026-43618
SECURITY UPDATE: receiver process memory disclosure via compressed-token integer overflow: - debian/patches/els/0004-CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX; reject out-of-range token values. - CVE-2026-43618. SECURITY UPDATE: malicious server can enumerate arbitrary client files via...
CLSA-2026-1779694727 Fix CVE(s): CVE-2026-29518
SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...
CLSA-2026-1779694338 rsync: Fix of CVE-2026-29518
CVE-2026-29518: fix daemon-no-chroot sender TOCTOU symlink race by opening source files via securerelativeopen from module root...
CLSA-2026-1776873915 rsync: Fix of CVE-2024-12086
CVE-2024-12086: prevent info leak during file transfer by refusing malicious fuzzy operations and confining basis-file opens to the destination via securerelativeopen...