rsync-3.2.5-7.el9_8

エラータID: AXSA:2026-1207:06

Release date: 
Tuesday, July 7, 2026 - 17:43
Subject: 
rsync-3.2.5-7.el9_8
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.

Security Fix(es):

* rsync: rsync server leaks arbitrary client files (CVE-2024-12086)
* rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
CVE-2026-41035
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rsync-3.2.5-7.el9_8.src.rpm
    MD5: 9afa8b9f410f80e274a5b67b5edf04f6
    SHA-256: 919544304a54bd06e2d282ebbb7b182a3c1eef1852311efe9286dca25570652b
    Size: 1.25 MB

Asianux Server 9 for x86_64
  1. rsync-3.2.5-7.el9_8.x86_64.rpm
    MD5: f74126aed7e65b00b8a20c492b1b91c7
    SHA-256: 8093c0288a5a8e0b482cb11c497cfc2a23d0b1d8943ff58d6d6dc0f0df144cfd
    Size: 411.12 kB
  2. rsync-daemon-3.2.5-7.el9_8.noarch.rpm
    MD5: 0cc8736d8f46844609b4b62c96479632
    SHA-256: 05452c31dc43310afd0d29f6f5efa36944a0e4dc303322025eaa920ff9c3de60
    Size: 9.59 kB
  3. rsync-rrsync-3.2.5-7.el9_8.noarch.rpm
    MD5: 0d2c079e04e7103ee7dd5c30bb2cf09e
    SHA-256: 039b249d7463a306e8090e1a9339da7876643de767d897cf5e4bd4982a9394ae
    Size: 14.75 kB