Release date:
2026-05-25 07:34:24 UTC
Description:
* SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race
- debian/patches/CVE-2026-29518.patch: track per-module chroot in
am_chrooted and use_secure_symlinks; route the sender's read-path
open, the receiver's basis-file open, mkstemp, and inplace write
through secure_relative_open() / secure_mkstemp()
- CVE-2026-29518
Updated packages:
-
rsync_3.1.1-3ubuntu1.3+tuxcare.els9_amd64.deb
sha:e648fb7526cbd4d65cfa05848582be5adcc1a2fd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
