Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 176 articles for you...
217

Oracle Linux 9 rsync Important ELSA-2026-19368 Integer Overflow TOCTOU

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19368 http://linux.oracle.com/errata/ELSA-2026-19368.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: rsync-3.2.5-7.el9_8.2.x86_64.rpm rsync-daemon-3.2.5-7.el9_8.2.noarch.rpm rsync-rrsync-3.2.5-7.el9_8.2.noarch.rpm aarch64: rsync-3.2.5-7.el9_8.2.aarch64.rpm rsync-daemon-3.2.5-7.el9_8.2.noarch.rpm rsync-rrsync-3.2.5-7.el9_8.2.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/rsync-3.2.5-7.el9_8.2.src.rpm Related CVEs: CVE-2024-12086 CVE-2026-41035 Description of changes: [3.2.5-7.2] - Fix integer overflow in compressed-token decoding (CVE-2026-43618) - Resolves: RHEL-174932 [3.2.5-7.1] - Fix TOCTOU symlink race in daemon no-chroot mode (CVE-2026-29518) - Resolves: RHEL-174952 [3.2.5-4] - Resolves: RHEL-104404 - Do not clear DISPLAY unconditionally _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux Security Advisory ELSA-2026-19368 addresses security flaws in rsync with recommended updates.. Oracle Linux, Security Advisory, rsync updates, integer overflow, TOCTOU race condition. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 30, 2026 Important Oracle
217

Oracle Linux 9 rsync Important Integer Overflow Advisory ELSA-2026-26410

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26410 http://linux.oracle.com/errata/ELSA-2026-26410.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: rsync-3.2.5-7.el9_8.2.x86_64.rpm rsync-daemon-3.2.5-7.el9_8.2.noarch.rpm rsync-rrsync-3.2.5-7.el9_8.2.noarch.rpm aarch64: rsync-3.2.5-7.el9_8.2.aarch64.rpm rsync-daemon-3.2.5-7.el9_8.2.noarch.rpm rsync-rrsync-3.2.5-7.el9_8.2.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/rsync-3.2.5-7.el9_8.2.src.rpm Related CVEs: CVE-2026-29518 CVE-2026-43618 Description of changes: [3.2.5-7.2] - Fix integer overflow in compressed-token decoding (CVE-2026-43618) - Resolves: RHEL-174932 [3.2.5-7.1] - Fix TOCTOU symlink race in daemon no-chroot mode (CVE-2026-29518) - Resolves: RHEL-174952 [3.2.5-4] - Resolves: RHEL-104404 - Do not clear DISPLAY unconditionally _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated rsync packages for Oracle Linux 9 address critical issues including integer overflow. Ensure your systems are patched!. Oracle Linux, rsync update, integer overflow, security fixes, patch advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Oracle
89

Fedora 43 Rsync Critical Denial of Service Vulnerability 2026-a04e445b3f

New version 3.4.4 with multiple regression fixes. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a04e445b3f 2026-06-26 01:14:26.672392+00:00 -------------------------------------------------------------------------------- Name : rsync Product : Fedora 43 Version : 3.4.4 Release : 1.fc43 URL : https://rsync.samba.org/ Summary : A program for synchronizing files over a network Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. -------------------------------------------------------------------------------- Update Information: New version 3.4.4 with multiple regression fixes. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 8 2026 Michal Ruprich - 3.4.4-1 - New version 3.4.4 * Fri May 29 2026 Michal Ruprich - 3.4.3-1 - New version 3.4.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2463360 - rsync-3.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2463360 [ 2 ] Bug #2480388 - CVE-2026-45232 rsync: Rsync: Denial of Service via malformed HTTP proxy response [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2480388 [ 3 ] Bug #2486185 - rsync-3.4.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486185 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a04e445b3f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This advisory covers critical updates for rsync in Fedora 43 addressing multiple security issues.. Rsync 3.4.4, Fedora security update, Denial of Service fix, rsync vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Critical Fedora
219

Rocky Linux 10 RLSA-2026-26332 rsync Important Remote Disclosure

Important: rsync security, bug fix, and enhancement update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26332", "synopsis": "Important: rsync security, bug fix, and enhancement update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for rsync.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)\n\nBug Fix(es) and Enhancement(s):\n\n* Rebase rsync to version 3.4.4 in Rocky Linux10 (JIRA:Rocky Linux-181630)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2469054", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054", "description": ""}, {"ticket": "2469055", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055", "description": ""}], "cves": [{"name": "CVE-2026-29518", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-367"}, {"name": "CVE-2026-43618", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-190"}], "references": [], "publishedAt": "2026-06-19T06:04:41.448408Z", "rpms": {"Rocky Linux 10": {"nvras": ["rsync-debugsource-0:3.4.4-1.el10_2.s390x.rpm", "rsync-0:3.4.4-1.el10_2.aarch64.rpm", "rsync-daemon-0:3.4.4-1.el10_2.noarch.rpm", "rsync-0:3.4.4-1.el10_2.s390x.rpm", "rsync-0:3.4.4-1.el10_2.ppc64le.rpm", "rsync-debugsource-0:3.4.4-1.el10_2.ppc64le.rpm", "rsync-debuginfo-0:3.4.4-1.el10_2.aarch64.rpm", "rsync-rrsync-0:3.4.4-1.el10_2.noarch.rpm", "rsync-0:3.4.4-1.el10_2.x86_64.rpm", "rsync-debugsource-0:3.4.4-1.el10_2.aarch64.rpm", "rsync-debuginfo-0:3.4.4-1.el10_2.x86_64.rpm", "rsync-debuginfo-0:3.4.4-1.el10_2.s390x.rpm", "rsync-debugsource-0:3.4.4-1.el10_2.x86_64.rpm", "rsync-0:3.4.4-1.el10_2.src.rpm", "rsync-debuginfo-0:3.4.4-1.el10_2.ppc64le.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important rsync security update fixes remote memory disclosure and local privilege escalation issues in Rocky Linux 10.. rsync security update, important rsync update, local privilege escalation, remote access exploit, rocky linux advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Important Rocky Linux
217

Oracle Linux 8 rsync Important Integer Overflow TOCTOU ELSA-2026-26408

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26408 http://linux.oracle.com/errata/ELSA-2026-26408.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: rsync-3.1.3-27.el8_10.x86_64.rpm rsync-daemon-3.1.3-27.el8_10.noarch.rpm aarch64: rsync-3.1.3-27.el8_10.aarch64.rpm rsync-daemon-3.1.3-27.el8_10.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/rsync-3.1.3-27.el8_10.src.rpm Related CVEs: CVE-2026-29518 CVE-2026-43618 Description of changes: [3.1.3-27] - Integer overflow in compressed-token decoding (CVE-2026-43618) - Resolves: RHEL-174951 [3.1.3-26] - Resolves: RHEL-174950 - CVE-2026-29518 - TOCTOU symlink race in non-chrooted daemon modules _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 updated rsync packages address important security flaws including integer overflow and symlink race.. Oracle Linux Security Advisory, rsync update, Important security issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 18, 2026 Important Oracle
219

Rocky Linux rsync Important Remote Disclosure Risk RLSA-2026-26410

Important: rsync security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:26410", "synopsis": "Important: rsync security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for rsync.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2469054", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469054", "description": ""}, {"ticket": "2469055", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2469055", "description": ""}], "cves": [{"name": "CVE-2026-29518", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-367"}, {"name": "CVE-2026-43618", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.1", "cwe": "CWE-190"}], "references": [], "publishedAt":"2026-06-17T12:03:08.073041Z", "rpms": {"Rocky Linux 9": {"nvras": ["rsync-daemon-0:3.2.5-7.el9_8.2.noarch.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-debuginfo-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-0:3.2.5-7.el9_8.2.aarch64.rpm", "rsync-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-0:3.2.5-7.el9_8.2.src.rpm", "rsync-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.ppc64le.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.s390x.rpm", "rsync-debugsource-0:3.2.5-7.el9_8.2.x86_64.rpm", "rsync-rrsync-0:3.2.5-7.el9_8.2.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Explore the important rsync security update for Rocky Linux 9 to mitigate critical risks from vulnerabilities.. rsync update, Rocky Linux, security advisory, important, remote access issues. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 17, 2026 Important Rocky Linux
172

Ubuntu 20.04 LTS rsync Significant Denial Of Service Resolutions USN-8349-3

USN-8349-1 introduced regressions in rsync.. ========================================================================== Ubuntu Security Notice USN-8349-3 June 16, 2026 rsync regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-8349-1 introduced regressions in rsync. Software Description: - rsync: fast, versatile, remote (and local) file-copying tool Details: USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. (CVE-2025-10158) Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518) It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035) It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617) Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43618) Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619) Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620) Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS rsync 3.1.3-8ubuntu0.9+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS rsync 3.1.2-2.1ubuntu1.6+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS rsync 3.1.1-3ubuntu1.3+esm6 Available with Ubuntu Pro Ubuntu 14.04 LTS rsync 3.1.0-2ubuntu0.4+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. After a standard system update you need to restart rsync daemons to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8349-3 https://ubuntu.com/security/notices/USN-8349-2 https://ubuntu.com/security/notices/USN-8349-1 https://launchpad.net/bugs/2155874 . Critical updates with fixes for rsync regressions in Ubuntu 20.04 to 14.04 LTS addressing security issues.. rsync updates, Ubuntu security, rsync patch, system updates, security issues. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jun 16, 2026 Important Ubuntu
100

SUSE Rsync Important Security Update for Multiple Issues 2026-22015-1

An update that solves eight vulnerabilities can now be installed.. # Security update for rsync Announcement ID: SUSE-SU-2026:22015-1 Release Date: 2026-06-02T09:13:41Z Rating: important References: * bsc#1254441 * bsc#1262223 * bsc#1264511 * bsc#1264512 * bsc#1264513 * bsc#1264514 * bsc#1264515 * bsc#1265296 Cross-References: * CVE-2025-10158 * CVE-2026-29518 * CVE-2026-41035 * CVE-2026-43617 * CVE-2026-43618 * CVE-2026-43619 * CVE-2026-43620 * CVE-2026-45232 CVSS scores: * CVE-2025-10158 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-10158 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-29518 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-29518 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-29518 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-29518 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41035 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41035 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41035 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-41035 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L * CVE-2026-43617 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-43617 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43617 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-43617 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-43618 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43618 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43618 ( NVD ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-43618 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43619 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-43619 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-43619 ( NVD ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-43619 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-43620 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43620 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-43620 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-43620 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-43620 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-45232 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45232 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-45232 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-45232 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45232 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE LinuxEnterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves eight vulnerabilities can now be installed. ## Description: This update for rsync fixes the following issues * CVE-2025-10158: Out of bounds array access via negative index (bsc#1254441). * CVE-2026-29518: Symlink-Race TOCTOU in Daemon (use chroot = no) (bsc#1264511). * CVE-2026-41035: count of entries mismatch can lead to a use-after-free (bsc#1262223). * CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515). * CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512). * CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514). * CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513). * CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-867=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-867=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * rsync-debugsource-3.4.1-160000.4.1 * rsync-3.4.1-160000.4.1 * rsync-debuginfo-3.4.1-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * rsync-debugsource-3.4.1-160000.4.1 * rsync-3.4.1-160000.4.1 * rsync-debuginfo-3.4.1-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10158.html * https://www.suse.com/security/cve/CVE-2026-29518.html * https://www.suse.com/security/cve/CVE-2026-41035.html * https://www.suse.com/security/cve/CVE-2026-43617.html * https://www.suse.com/security/cve/CVE-2026-43618.html *https://www.suse.com/security/cve/CVE-2026-43619.html * https://www.suse.com/security/cve/CVE-2026-43620.html * https://www.suse.com/security/cve/CVE-2026-45232.html * https://bugzilla.suse.com/show_bug.cgi?id=1254441 * https://bugzilla.suse.com/show_bug.cgi?id=1262223 * https://bugzilla.suse.com/show_bug.cgi?id=1264511 * https://bugzilla.suse.com/show_bug.cgi?id=1264512 * https://bugzilla.suse.com/show_bug.cgi?id=1264513 * https://bugzilla.suse.com/show_bug.cgi?id=1264514 * https://bugzilla.suse.com/show_bug.cgi?id=1264515 * https://bugzilla.suse.com/show_bug.cgi?id=1265296 . SUSE updates to fix rsync issues, addressing eight vulnerabilities including important fix for use-after-free.. SUSE Linux, rsync updates, security issues, patch management, Linux updates. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 08, 2026 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200