Release date:
2026-05-22 13:06:17 UTC
Description:
* SECURITY UPDATE: integer overflow in compressed-token decoder allows
  memory disclosure to a malicious sender
  - debian/patches/CVE-2026-43618.patch: cap rx_token at MAX_TOKEN_INDEX
    and add overflow checks in recv_compressed_token_num/run; add
    CHUNK_SIZE bound check in simple_recv_token; initialize data=NULL
    per iteration and validate literal token pointer in receiver
  - CVE-2026-43618
Updated packages:
- rsync_3.1.3-8ubuntu0.9+tuxcare.els1_amd64.deb
  sha:1e058c9e08292f33aef515ac444d2cbac6e9aacd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.