Alerts This Week
Warning Icon 1 1,529
Alerts This Week
Warning Icon 1 1,529

Fedora 44 Rclone Critical Denial of Service Issues 2026-6145ae14ca

fedora
Calendar Grey July 1, 2026
Dist Fedora Esm H88
Update to rclone 1.74.3 addresses multiple critical issues, including denial of service vulnerabilities.
Update to 1.74.3

Summary

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Drive,

Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex

Files.

Update Information:

Update to 1.74.3

Change Log

* Sat Jun 6 2026 Packit - 1.74.3-1 - Update to 1.74.3 upstream release - Resolves: rhbz#2485621 * Sat May 23 2026 Packit - 1.74.2-1 - Update to 1.74.2 upstream release - Resolves: rhbz#2468412

References


[ 1 ] Bug #2486295 - CVE-2026-45287 rclone: OpenTelemetry-Go: Denial of Service due to file descriptor leak [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486295 [ 2 ] Bug #2489905 - CVE-2026-39828 rclone: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2489905 [ 3 ] Bug #2490091 - CVE-2026-39829 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490091 [ 4 ] Bug #2490402 - CVE-2026-39830 rclone: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2490402

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6145ae14ca' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rclone
Product: Fedora 44
Version: 1.74.3
Release: 1.fc44
Summary: Rsync for cloud storage

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here