2 matches found
rsync: Fix of CVE-2026-41035
CVE-2026-41035: fix use-after-free in receivexattr by using tempxattr.count instead of the stale count in qsort...
CLSA-2026-1780054763 Fix CVE(s): CVE-2026-41035
SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...