[CLSA-2026:1780066764] rsync: Fix of CVE-2026-41035
Type: security
Severity: Important
Release date: 2026-05-29 14:59:29 UTC
Description:
- CVE-2026-41035: fix a use-after-free in receive_xattr(), caused by qsort() being called with a stale local 'count' variable instead of the live temp_xattr.count after the rxa list was rebuilt. The flaw is reachable when the victim runs rsync with -X / --xattrs. The fix is lifted verbatim from upstream rsync 968d4c0c.
Updated packages:
  • rsync-3.2.5-3.el9_6.tuxcare.els7.x86_64.rpm
    sha:d485c0699fbf4f825b4d0afd08f44d64279b01b961752e72bd308cf3a7d02d4a
  • rsync-daemon-3.2.5-3.el9_6.tuxcare.els7.noarch.rpm
    sha:738dc707ce403dd0af44c91192be936bad6b3fdbeddcd70d35aa22527f0dc1b4
  • rsync-rrsync-3.2.5-3.el9_6.tuxcare.els7.noarch.rpm
    sha:3884dfee591c441cf57fe4ab4ec4f1c46325cdd0ff2b4cbb2483b9a6b9fedf92
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.