Stay Secure with the Latest Linux Advisories

security advisoryprivilege escalationimportant

Rocky Linux Rsync Important Remote Memory Issues RLSA-2026-26410

Important: rsync security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26410", "synopsis": "Important: rsync security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for rsync.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2469054", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054", "description": ""}, {"ticket": "2469055", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055", "description": ""}], "cves": [{"name": "CVE-2026-29518", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-367"}, {"name": "CVE-2026-43618", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-190"}], "references": [], "publishedAt":"2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["rsync-daemon-0:3.2.5-7.el9_8.2.noarch.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-0:3.2.5-7.el9_8.2.src.rpm", "rsync-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-rrsync-0:3.2.5-7.el9_8.2.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Stay informed about the critical rsync updates on Rocky Linux to prevent potential issues.. Rsync Security Update, Rocky Linux Advisory, Important Security Notices, Remote Memory Disclosure. . Severity: Important. LinuxSecurity.com Team

Jun 17, 2026 •Important Rocky Linux