Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora 43 rsync Important Use-After-Free Fix CVE-2026-41035

fedora
Calendar Grey May 21, 2026
Dist Fedora Esm H88
Fixes for bugs and security issues in Fedora 43 rsync, addressing use-after-free vulnerabilities.
Fixing various bugs from Upstream

Summary

Rsync uses a reliable algorithm to bring remote and host files into

sync very quickly. Rsync is fast because it just sends the differences

in the files over the network instead of sending the complete

files. Rsync is often used as a very powerful mirroring process or

just as a more capable replacement for the rcp command. A technical

report which describes the rsync algorithm is included in this

package.

Update Information:

Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but it changes the usage of one option that is no longer available in rsync. This is why I avoided the rebase in older stable branches.

Change Log

* Wed May 6 2026 Michal Ruprich - 3.4.1-6 - Fix for CVE-2026-41035 - Fixing bad time in rsync logs - Fixing regression from CVE-2024-12086 fix - Fixing improper clearing of DISPLAY env variable

References


[ 1 ] Bug #2339145 - failed verification -- update discarded - regression from CVE fixes https://bugzilla.redhat.com/show_bug.cgi?id=2339145 [ 2 ] Bug #2417003 - Bad time in rsync daemon log https://bugzilla.redhat.com/show_bug.cgi?id=2417003 [ 3 ] Bug #2459115 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2459115

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d4d8ae2bdc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rsync
Product: Fedora 43
Version: 3.4.1
Release: 6.fc43
Summary: A program for synchronizing files over a network

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here