
Ubuntu rsync Important Threats Denial of Service USN-8349-1

June 1, 2026
Updates are required for rsync in Ubuntu for several critical issues leading to denial of service and privilege escalation.

Summary

Several security issues were fixed in rsync.

Software Description:

- rsync: fast, versatile, remote (and local) file-copying tool

Details:

Calum Hutton discovered that rsync contained a heap-based out-of-bounds
read when handling file transfers. A remote attacker with read access
to an rsync server could possibly use this issue to cause a denial of
service. (CVE-2025-10158)

Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that
rsync daemons configured without chroot protection were exposed to a
race condition on parent path components. A local attacker with write
access to a module could possibly use this issue to overwrite files,
obtain sensitive information, or escalate privileges.
(CVE-2026-29518)

It was discovered that rsync did not properly validate a length value
while sorting extended attributes. An attacker could possibly use this
issue to cause a denial of service. (CVE-2026-41035)

It was discovered that rsync performed reverse-DNS lookups after
chrooti...

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  rsync                           3.1.3-8ubuntu0.9+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  rsync                           3.1.2-2.1ubuntu1.6+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  rsync                           3.1.1-3ubuntu1.3+esm5
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  rsync                           3.1.0-2ubuntu0.4+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
After a standard system update, you need to restart any configured rsync
daemons for the changes to take effect.
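
The CVE-2026-29518 condition described above (a daemon module configured without chroot protection) can be checked in a daemon configuration. The following is an added example, not part of the advisory or of rsync: it parses rsyncd.conf text and lists modules where `use chroot` is disabled, noting whether each is writable. It assumes rsync 3.1.x defaults, ignores `&include` directives and line continuations, and uses a constructed sample configuration.

```python
# Added example: flag rsyncd.conf modules that run without chroot.
# Assumes rsync 3.1.x defaults: "use chroot = yes", "read only = yes".
TRUE_VALUES = {"yes", "true", "1"}
FALSE_VALUES = {"no", "false", "0"}

def _norm(name):
    # Whitespace in parameter names is ignored; case-folding is an assumption.
    return "".join(name.split()).lower()

def _as_bool(value, default):
    v = value.strip().lower()
    return True if v in TRUE_VALUES else False if v in FALSE_VALUES else default

def parse_modules(text):
    """Map module name -> {'usechroot': bool, 'readonly': bool}."""
    defaults = {"usechroot": True, "readonly": True}
    modules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = None if name == "global" else name
            if current is not None:
                modules[current] = dict(defaults)  # inherit global values
            continue
        key, sep, value = line.partition("=")
        target = defaults if current is None else modules[current]
        if sep and _norm(key) in target:
            target[_norm(key)] = _as_bool(value, target[_norm(key)])
    return modules

def unchrooted_modules(text):
    """Return {module: writable} for every module with chroot disabled."""
    return {name: not s["readonly"]
            for name, s in parse_modules(text).items() if not s["usechroot"]}

# Constructed sample configuration (not from the advisory; paths omitted).
SAMPLE_CONF = """\
use chroot = no
[mirror]
[uploads]
read only = no
[backups]
Use Chroot = yes
read only = false
"""
```

Calling `unchrooted_modules()` on the contents of a real rsyncd.conf returns the modules to review first; treating `read only = no` as the advisory's "write access to a module" is an assumption of this example.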

References

https://ubuntu.com/security/notices/USN-8349-1

CVE-2025-10158, CVE-2026-29518, CVE-2026-41035, CVE-2026-43617,
CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232

Severity
critical
