ALSA-2026:26332
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:26332.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2026:26332
- Related
- Published
- 2026-06-16T00:00:00Z
- Modified
- 2026-06-17T11:44:15.752474460Z
- Summary
- Important: rsync security, bug fix, and enhancement update
- Details
-
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.
Security Fix(es):
- rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)
- rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)
Bug Fix(es) and Enhancement(s):
- Rebase rsync to version 3.4.4 in AlmaLinux10 (JIRA:AlmaLinux-181630)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
Affected packages
AlmaLinux:10 / rsync
Package
- Name
- rsync
- Purl
- pkg:rpm/almalinux/rsync
AlmaLinux:10 / rsync-daemon
Package
- Name
- rsync-daemon
- Purl
- pkg:rpm/almalinux/rsync-daemon