Mageia 9 rsync Critical Update for DoS Vulnerability CVE-2026-41035

mageia

April 18, 2026

MGASA-2026-0101 - Updated rsync packages fix security vulnerability

Summary

Description: In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable. (CVE-2026-41035)

References

- https://bugs.mageia.org/show_bug.cgi?id=35373

- https://www.openwall.com/lists/oss-security/2026/04/16/2

- https://www.openwall.com/lists/oss-security/2026/04/16/9

- https://github.com/RsyncProject/rsync/issues/871

- https://www.cve.org/CVERecord?id=CVE-2026-41035

Topics Covered

security advisory buffer overflow DoS rsync fix Mageia

Resolution

SRPMS

- 9/core/rsync-3.2.7-1.4.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 18 Apr 2026

URL: https://advisories.mageia.org/MGASA-2026-0101.html

Type: security

CVE: CVE-2026-41035

Topics Covered

security advisory buffer overflow DoS rsync fix Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9 rsync Critical Update for DoS Vulnerability CVE-2026-41035

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9 rsync Critical Update for DoS Vulnerability CVE-2026-41035

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!