15 matches found
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
CLSA-2026-1780054763 Fix CVE(s): CVE-2026-41035
SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Alibaba Cloud Linux 3 : 0131: rsync (ALINUX3-SA-2026:0131)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0131 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41035: In rsync 3.0.1 through 3.4.1,...
CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1
CVE-2026-41035 affecting package rsync for versions less than 3.4.3-1. An upgraded version of the package is available that resolves this issue...
SUSE-SU-2026:2002-1 Security update for rsync
This update for rsync fixes the following issue - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223...
ALSA-2026:19152 Important: rsync security update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
SUSE-SU-2026:21686-1 Security update for rsync
This update for rsync fixes the following issue - CVE-2026-41035: count of entries mismatch can lead to a use-after-free bsc1262223...
rsync security update
3.1.3-25 - Resolves: RHEL-169141 - CVE-2026-41035 - Use-after-free vulnerability in extended attribute handling...
OESA-2026-2150 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
BELL-CVE-2026-41035
Bulletin has no description...
CVE-2026-41035
creationtimestamp| type| source ---|---|--- 2026-04-16 09:16:03+00:00| seen| Telegram/yXoKEH-Nbvx8vVZVETbcb5fnBU2DfxjhcC8NzdaVOFnAe1M 2026-05-20 20:39:45+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mmcr7r63322y 2026-05-20 20:39:46+00:00| seen|...
CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X aka --xattrs. On Linux, many but not all common configurations are vulnerable. Non-Linux platforms are more widely vulnerable...
Linux Distros Unpatched Vulnerability : CVE-2026-41035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In rsync 3.0.1 through 3.4.1, receivexattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run...