Red Hat Product Errata RHSA-2026:17481 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17481 - Security Advisory Overview Updated Packages Synopsis Important: rsync security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rsync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2458898 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVEs CVE-2026-41035 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b x86_64 rsync-3.1.3-25.el8_10.x86_64.rpm SHA-256: 9fb4ac09b7640363c24edae1f1ef2826898721961575de795b487a31e654e944 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.x86_64.rpm SHA-256: bf1ae2dc8345ef98360f8b756f287d5d5dbf9be19b5f19abc142f5ac7687dac5 rsync-debugsource-3.1.3-25.el8_10.x86_64.rpm SHA-256: 8f34e3e0ab4ba50a39485bf41f3ed8e1d85db84d2049d9d26a366379403acd40 Red Hat Enterprise Linux for IBM z Systems 8 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b s390x rsync-3.1.3-25.el8_10.s390x.rpm SHA-256: a8eaf4a1e7c7bd5b8070b04a7c282ac0c8fe725ec7dd9fa43d7a731eaf3e5bd8 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.s390x.rpm SHA-256: 5d2559ecc57f95e6a5b37385f6f1d2d5f7fd6e4c2b561445944ebb4862ac8912 rsync-debugsource-3.1.3-25.el8_10.s390x.rpm SHA-256: c07ded18544c95bb99b771ed3ea4bdb6eb05b11bd995d9f6c2238155698f3f16 Red Hat Enterprise Linux for Power, little endian 8 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b ppc64le rsync-3.1.3-25.el8_10.ppc64le.rpm SHA-256: d030b88f18159107a5df22a2913e1c54cb1fe924df508fef32020d5e90747a54 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.ppc64le.rpm SHA-256: 3286e67ee495a5b7853d2e27f1c71be76cb7467e42e3d534f8848749a270db9d rsync-debugsource-3.1.3-25.el8_10.ppc64le.rpm SHA-256: 314f88496762ee7788d05567ae6fdfb456e2832ddd5bb1770dacd80535e10c70 Red Hat Enterprise Linux for ARM 64 8 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b aarch64 rsync-3.1.3-25.el8_10.aarch64.rpm SHA-256: 986a683a47489a832b69ddae067acb1842711b268cdd259fb571c6684063c95e rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.aarch64.rpm SHA-256: 7fd93ca817d61b9601b0bb5e57f4e42002bae624e966c583e943e012c5abd2d7 rsync-debugsource-3.1.3-25.el8_10.aarch64.rpm SHA-256: ce7da8efd5c2dfcf2eef51b9a42dd235b5f4b62bc5dd53f874c4abbd8542c921 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b x86_64 rsync-3.1.3-25.el8_10.x86_64.rpm SHA-256: 9fb4ac09b7640363c24edae1f1ef2826898721961575de795b487a31e654e944 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.x86_64.rpm SHA-256: bf1ae2dc8345ef98360f8b756f287d5d5dbf9be19b5f19abc142f5ac7687dac5 rsync-debugsource-3.1.3-25.el8_10.x86_64.rpm SHA-256: 8f34e3e0ab4ba50a39485bf41f3ed8e1d85db84d2049d9d26a366379403acd40 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b aarch64 rsync-3.1.3-25.el8_10.aarch64.rpm SHA-256: 986a683a47489a832b69ddae067acb1842711b268cdd259fb571c6684063c95e rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.aarch64.rpm SHA-256: 7fd93ca817d61b9601b0bb5e57f4e42002bae624e966c583e943e012c5abd2d7 rsync-debugsource-3.1.3-25.el8_10.aarch64.rpm SHA-256: ce7da8efd5c2dfcf2eef51b9a42dd235b5f4b62bc5dd53f874c4abbd8542c921 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b ppc64le rsync-3.1.3-25.el8_10.ppc64le.rpm SHA-256: d030b88f18159107a5df22a2913e1c54cb1fe924df508fef32020d5e90747a54 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.ppc64le.rpm SHA-256: 3286e67ee495a5b7853d2e27f1c71be76cb7467e42e3d534f8848749a270db9d rsync-debugsource-3.1.3-25.el8_10.ppc64le.rpm SHA-256: 314f88496762ee7788d05567ae6fdfb456e2832ddd5bb1770dacd80535e10c70 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM rsync-3.1.3-25.el8_10.src.rpm SHA-256: c5eb468720a569592a07c119b9d2b441f780b48fd5c26ba790e0d5d809fc2d9b s390x rsync-3.1.3-25.el8_10.s390x.rpm SHA-256: a8eaf4a1e7c7bd5b8070b04a7c282ac0c8fe725ec7dd9fa43d7a731eaf3e5bd8 rsync-daemon-3.1.3-25.el8_10.noarch.rpm SHA-256: 85cc450db8744d0fd382e2f5cb6de9b251401f35950e883f3ec0064ff34c3137 rsync-debuginfo-3.1.3-25.el8_10.s390x.rpm SHA-256: 5d2559ecc57f95e6a5b37385f6f1d2d5f7fd6e4c2b561445944ebb4862ac8912 rsync-debugsource-3.1.3-25.el8_10.s390x.rpm SHA-256: c07ded18544c95bb99b771ed3ea4bdb6eb05b11bd995d9f6c2238155698f3f16 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .