Release date:
2026-05-26 19:33:09 UTC
Description:
- CVE-2026-43618: fix integer overflow in compressed-token decoding that
could leak rsync process memory contents over the wire
- CVE-2026-29518: fix TOCTOU race on parent path components in non-chroot
daemon by routing receiver/sender opens, chmod, and chdir through per-
component O_NOFOLLOW secure variants gated on use_secure_symlinks
Updated packages:
-
rsync-3.0.6-12.el6.tuxcare.els8.x86_64.rpm
sha:2efb9e93e98815e43512b1b0d03a2fba709835529df028cc22b65b130595111f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
