Multiple vulnerabilities in rsync (CVE-2026-29518, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232) can lead to local privilege escalation, access restriction bypass, remote memory disclosure to authenticated peers, or denial of service. The CVSS scores range from Medium to High, with CVE-2026-43618 rated 8.1. For Debian stable (trixie), the issues are fixed in rsync version 3.4.1+ds1-5+deb13u3, and for oldstable (bookworm) in version 3.2.7-1+deb12u5.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6282-1] rsync security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6282-1] rsync security update From: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 20 May 2026 13:26:29 +0000 Message-id: <[🔎] E1wPgwP-0000000GDTJ-41lZ@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6282-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rsync CVE ID : CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, which may result in local privilege escalation, bypass of intended access restrictions, remote memory disclosure to an authenticated daemon peer or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 3.2.7-1+deb12u5. For the stable distribution (trixie), these problems have been fixed in version 3.4.1+ds1-5+deb13u3. We recommend that you upgrade your rsync packages. For the detailed security status of rsync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsync Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoNtldfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RW3A//RjHBdaVB4bvFPH63WY5EtKsc3Bh09oNDmYcdHFWzNWXCBLadSwmrHQAc 5aEVWnBl7ku2cs3cvm9URsujFtIyxOICZOo+5aKAkWAOYj1iNabQal1PDxOFQPai h4S4+z2uOSdXXLRUyKFNbiOvOIk+c/eM6oiFhuu/m3UL87NNfmG45XqaFleIjAuz kUrA04Dcr7L12tLlZ2/DO4zy4PGwIiMyIAmmvf0KnZtWIdhqtVcNqeTDg1hyJPtq cymGwr69lU6UaQ2h9YchtJiiLMkP/YUhjiA6QC84JAtgaiaL6k/QQVEo8VGf+T2V fIFSCQpE3Ss/NlpBcDw6c6VxlrGLhJHqCaJAm0kUbi/Jb0+1jr8cc+kyr5uoeggk SZUSZdZt3JuXEH7ykSy8Xp1EI2ddF8r7RtLf5fnHoaLbKaKXgRqylX1ff6muYLsb oKnzJSY5JzZZbbNDUEx1hRPDAz9oQov9D1yt5wGBdR+Zt/KBrdl5EstPxuITI6j1 vU1gzF3CyX8aX/QbM89D2kCLvxXx3wMJSGivgKCa+2kPhEBLvrvwd0R0UcE6EhYm uX7w+qTBHSMHBBmhtBV8piJghuLWniJOOgQFCH4qqUbc0JMbvK+eMfk4yvVeQ48f CtyDDtop9zrFHK8oO6hiBefaLPeipX3oGzjbOMiFfgMo5tcdPi0= =bbWm -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6281-1] gnutls28 security update Previous by thread: [SECURITY] [DSA 6281-1] gnutls28 security update Index(es): Date Thread