SUSE-SU-2026:2048-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2026/suse-su-20262048-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:2048-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2026:2048-1

Upstream

CVE-2024-12084

CVE-2024-12085

CVE-2024-12086

CVE-2024-12087

CVE-2024-12088

CVE-2024-12747

CVE-2025-10158

CVE-2026-29518

CVE-2026-41035

CVE-2026-43617

CVE-2026-43618

CVE-2026-43620

CVE-2026-45232

Related

CVE-2024-12084
CVE-2024-12085
CVE-2024-12086
CVE-2024-12087
CVE-2024-12088
CVE-2024-12747
CVE-2025-10158
CVE-2026-29518
CVE-2026-41035
CVE-2026-43617
CVE-2026-43618
CVE-2026-43620
CVE-2026-45232

Published

2026-05-25T13:55:42Z

Modified

2026-05-26T08:15:05.350251039Z

Summary

Security update for rsync

Details

This update for rsync fixes the following issues

CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).

References

Affected packages