Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 8 articles for you...
219
security advisorymoderatesecurity updateCentrOS 9 Syncthing Safety Patch RLSA-2026-8924 CVE-2025-10235
Moderate: rsync security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:6825", "synopsis": "Moderate: rsync security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for rsync.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2415637", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637", "description": ""}], "cves": [{"name": "CVE-2025-10158", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10158", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "cvss3BaseScore": "4.3", "cwe": "CWE-129"}], "references": [], "publishedAt": "2026-04-09T12:07:05.484110Z", "rpms": {"Rocky Linux 10": {"nvras": ["rsync-daemon-0:3.4.1-2.el10_1.2.noarch.rpm", "rsync-debugsource-0:3.4.1-2.el10_1.2.aarch64.rpm", "rsync-0:3.4.1-2.el10_1.2.x86_64.rpm", "rsync-0:3.4.1-2.el10_1.2.src.rpm", "rsync-rrsync-0:3.4.1-2.el10_1.2.noarch.rpm", "rsync-0:3.4.1-2.el10_1.2.ppc64le.rpm", "rsync-debugsource-0:3.4.1-2.el10_1.2.ppc64le.rpm", "rsync-0:3.4.1-2.el10_1.2.s390x.rpm", "rsync-0:3.4.1-2.el10_1.2.aarch64.rpm", "rsync-debuginfo-0:3.4.1-2.el10_1.2.x86_64.rpm","rsync-debuginfo-0:3.4.1-2.el10_1.2.aarch64.rpm", "rsync-debugsource-0:3.4.1-2.el10_1.2.s390x.rpm", "rsync-debuginfo-0:3.4.1-2.el10_1.2.ppc64le.rpm", "rsync-debugsource-0:3.4.1-2.el10_1.2.x86_64.rpm", "rsync-debuginfo-0:3.4.1-2.el10_1.2.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update available: Moderate rsync security fixes for Rocky Linux 10 guard against array access issues. Stay protected!. Rsync Security, Rocky Linux 10 Update, File Synchronization Fixes, Moderate Security Advisory. . LinuxSecurity.com Team
Apr 09, 2026
Rocky Linux
89
security advisorysecurity issuecriticalFedora 40: FEDORA-2024-4d24786142 Critical: syncthing file sync issues
Update to version 1.28.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-4d24786142 2024-11-06 04:49:15.942027 -------------------------------------------------------------------------------- Name : syncthing Product : Fedora 40 Version : 1.28.0 Release : 1.fc40 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. -------------------------------------------------------------------------------- Update Information: Update to version 1.28.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 28 2024 Fabio Valentini - 1.28.0-1 - Update to version 1.28.0; Fixes RHBZ#2319211 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2292676 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292676 [ 2 ] Bug #2292720 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292720 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4d24786142' at the command line. For moreinformation, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 06, 2024
•Critical
Fedora
89
security advisoryupdateFedoraFedora 41: FEDORA-2024-aa6e72c713 moderate: Fix for ZIP Handling Issue
Update to version 1.28.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-aa6e72c713 2024-11-06 03:51:37.801150 -------------------------------------------------------------------------------- Name : syncthing Product : Fedora 41 Version : 1.28.0 Release : 1.fc41 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. -------------------------------------------------------------------------------- Update Information: Update to version 1.28.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 28 2024 Fabio Valentini - 1.28.0-1 - Update to version 1.28.0; Fixes RHBZ#2319211 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2292676 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292676 [ 2 ] Bug #2292720 - CVE-2024-24789 syncthing: golang: archive/zip: Incorrect handling of certain ZIP files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2292720 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-aa6e72c713' at the command line. For moreinformation, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 06, 2024
Fedora
89
security advisoryfedorasoftware releaseFedora 39 FEDORA-2023-0d46257314 Critical: Syncthing 1.26.0 Security Update
Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-0d46257314 2023-11-18 01:37:22.840201 -------------------------------------------------------------------------------- Name : syncthing Product : Fedora 39 Version : 1.26.0 Release : 1.fc39 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. -------------------------------------------------------------------------------- Update Information: Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 9 2023 Fabio Valentini - 1.26.0-1 - Update to version 1.26.0; Fixes RHBZ#2248507 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2248412 - syncthing: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2248412 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0d46257314' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 18, 2023
•Critical
Fedora
89
security advisoryupdatecriticalFedora 38: FEDORA-2023-d58c8eeb7c Critical: Syncthing File Sync Issue
Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-d58c8eeb7c 2023-11-18 01:25:52.283227 -------------------------------------------------------------------------------- Name : syncthing Product : Fedora 38 Version : 1.26.0 Release : 1.fc38 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. -------------------------------------------------------------------------------- Update Information: Update to version 1.26.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 9 2023 Fabio Valentini - 1.26.0-1 - Update to version 1.26.0; Fixes RHBZ#2248507 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2248412 - syncthing: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2248412 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d58c8eeb7c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key.More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Nov 18, 2023
•Critical
Fedora
89
security advisoryFedoracritical updateFedora 37: FEDORA-2023-70eb8ba61e Critical: Syncthing 1.23.0 Update
Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-70eb8ba61e 2023-02-04 01:29:37.784391 --------------------------------------------------------------------------------Name : syncthing Product : Fedora 37 Version : 1.23.0 Release : 2.fc37 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. --------------------------------------------------------------------------------Update Information: Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files. --------------------------------------------------------------------------------ChangeLog: * Thu Jan 26 2023 Justin Koh - 1.23.0-2 - Install desktop file icons to correct locations * Thu Jan 26 2023 Fabio Valentini - 1.23.0-1 - Update to version 1.23.0; Fixes RHBZ#2139321 --------------------------------------------------------------------------------References: [ 1 ] Bug #2139321 - syncthing-1.23.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2139321 --------------------------------------------------------------------------------This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2023-70eb8ba61e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 04, 2023
•Critical
Fedora
89
security advisorymoderateinstallation fixFedora 36: 2023-6d71ff268e Moderate: Syncthing 1.23.0 Installation Fix
Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-6d71ff268e 2023-02-04 01:16:02.743615 --------------------------------------------------------------------------------Name : syncthing Product : Fedora 36 Version : 1.23.0 Release : 2.fc36 URL : https://syncthing.net Summary : Continuous File Synchronization Description : Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is returned to you. This package contains the syncthing client binary and systemd services. --------------------------------------------------------------------------------Update Information: Update to version 1.23.0. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.23.0 Additionally, this update was built with a version of golang that addresses CVE-2022-41717, and it fixes the installation of icon files. --------------------------------------------------------------------------------ChangeLog: * Thu Jan 26 2023 Justin Koh - 1.23.0-2 - Install desktop file icons to correct locations * Thu Jan 26 2023 Fabio Valentini - 1.23.0-1 - Update to version 1.23.0; Fixes RHBZ#2139321 --------------------------------------------------------------------------------References: [ 1 ] Bug #2139321 - syncthing-1.23.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2139321 --------------------------------------------------------------------------------This update can be installed with the "dnf" updateprogram. Use su -c 'dnf upgrade --advisory FEDORA-2023-6d71ff268e' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Feb 04, 2023
Fedora
98
security advisorymoderateRed HatRed Hat Enterprise Linux 9 RHSA-2022:8291-01 Moderate: Rsync Issue
An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: rsync security and bug fix update Advisory ID: RHSA-2022:8291-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8291 Issue date: 2022-11-15 CVE Names: CVE-2022-37434 ==================================================================== 1. Summary: An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - noarch Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): * zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field (CVE-2022-37434) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the RedHat Enterprise Linux 9.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2053198 - rsync segmentation fault 2077431 - Read-only files that have changed xattrs fail to allow xattr changes [rhel-9] 2081296 - Enable fmf tests in centos stream 2116639 - CVE-2022-37434 zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): noarch: rsync-daemon-3.2.3-18.el9.noarch.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: rsync-3.2.3-18.el9.src.rpm aarch64: rsync-3.2.3-18.el9.aarch64.rpm rsync-debuginfo-3.2.3-18.el9.aarch64.rpm rsync-debugsource-3.2.3-18.el9.aarch64.rpm ppc64le: rsync-3.2.3-18.el9.ppc64le.rpm rsync-debuginfo-3.2.3-18.el9.ppc64le.rpm rsync-debugsource-3.2.3-18.el9.ppc64le.rpm s390x: rsync-3.2.3-18.el9.s390x.rpm rsync-debuginfo-3.2.3-18.el9.s390x.rpm rsync-debugsource-3.2.3-18.el9.s390x.rpm x86_64: rsync-3.2.3-18.el9.x86_64.rpm rsync-debuginfo-3.2.3-18.el9.x86_64.rpm rsync-debugsource-3.2.3-18.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY3Pg19zjgjWX9erEAQgpRQ/7Bj65nEV0SOIx0sJi2b1JhwxkdT89C2mS Xrj2gh3HU92CQpiJZuvDydU3zLbq7OABNznifdKVPsJ+Zth+N4Vrssqzuqb5ztue C4stYAdqzZ/quoI5Ou1VTiYBRkoU8EV2YnfXlclgYf4Zgsswr4MqlWXf9aRS90vN /Xz8YaI51hejuSVBjoQA97PyYs+uPQfY1s/HSS/kzZm3jyWr0Akx4BdN1XMgKbe0 K40sip6tee9GvNHXwZ/sLZFs8q/u/7ZzQDfUM0zyYPWCVyIsWixADR8biF2NHRq0 SeGSoyw7sycPr+S3eIQ0+VNw001n4Gvpj+sHYOzJhNrtUW6989PMM6Z+poM1xNl0 Nib5PFqZZcOzyH9N4Hzy4OBcYOkdCUXm6c+K+GN1gPPxloq07FSFihEltlDIuufy eWzVRR53mjrLwOEn3GnWidgJ+znuAKxyZws8PlGctbKg/2y0PRoDJry9s9HiSWDJ 5y//A1m/mOnkoDOU32rW5lu3XceApph8MlBVqB03qjpj8HCBHvOKiZf8AMJQ5SoH pDLoR4gzEk2xmei0QtlRXhWxtjgeTNUuoTJyMqxgvHoaEWabpjJxNGrd4y7vDbM/ PsXooDGL02mBzthJZ19mZfVZjzd4lNhq7CLsXgq7MpDB9dq4tQP3EJXoUwrmeflT f1EaczpMC/0=Q58l -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 15, 2022
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!