CLSA-2026-1780062116

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1780062116.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1780062116
Upstream
  • CVE-2026-41035
Published
2026-05-29T13:42:01Z
Modified
2026-06-04T09:47:17.256084707Z
Summary
Fix CVE(s): CVE-2026-41035
Details
  • SECURITY UPDATE: use-after-free in receive_xattr()
    • debian/patches/CVE-2026-41035.patch: replace stale local 'count' with temp_xattr.count in the qsort call inside receive_xattr(), so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs
    • CVE-2026-41035
References

Affected packages

TuxCare:Ubuntu:16.04 / rsync

Package

Name
rsync
Purl
pkg:deb/tuxcare/rsync?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-3ubuntu1.3+tuxcare.els10

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1780062116.json"