Release date:
2026-05-25 07:38:50 UTC
Description:
* SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race
- debian/patches/CVE-2026-29518.patch: track per-module chroot in
am_chrooted and use_secure_symlinks; route the sender's read-path
open, the receiver's basis-file open, mkstemp, and inplace write
through secure_relative_open() / secure_mkstemp()
- CVE-2026-29518
Updated packages:
-
rsync_3.1.2-2.1ubuntu1.6+tuxcare.els7_amd64.deb
sha:68b98f3a8d51727385b2819ebc919abcdfbdd533
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
