rsync-3.1.3-25.el8_10
エラータID: AXSA:2026-627:03
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Security Fix(es):
* rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
Update packages.
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
N/A
SRPMS
- rsync-3.1.3-25.el8_10.src.rpm
MD5: c1a984034c77d2516d11cac401fd64ad
SHA-256: dacf44751ed3ca84c7eaeee7632af2e8b788474d4c7b35384e7ac9cf5ab79d60
Size: 1.10 MB
Asianux Server 8 for x86_64
- rsync-3.1.3-25.el8_10.x86_64.rpm
MD5: 7da2a4f4dddb3b8994d3bc61a32f862c
SHA-256: 48f5797f7237925f9a0dddff84a614f614046b6bde7d702e01dc1415f853a609
Size: 411.56 kB - rsync-daemon-3.1.3-25.el8_10.noarch.rpm
MD5: d09fecb5129fd427795883bfd60bde6f
SHA-256: e1a45484afa1a98b24ef3354c7684e039103b63c6a6bbc2c9a615c72f9e24a85
Size: 44.18 kB