Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:20603: Important: rsync security update

rhelcvecve-2024-12086cve-2025-10158cve-2026-41035
This security update addresses three vulnerabilities in rsync: a server-side information leak (CVE-2024-12086, CVSS 6.1), an out-of-bounds array access via negative index (CVE-2025-10158, CVSS 4.3), and a use-after-free flaw in extended attribute handling (CVE-2026-41035, CVSS 7.4). The use-after-free vulnerability affects rsync versions 3.0.1 through 3.4.1, while the information leak specifically impacts versions up to and including 3.3.0. Red Hat has released patched packages for its supported Enterprise Linux 9.6 EUS streams, and users should apply the update immediately.
Read Full Article →

Red Hat Product Errata RHSA-2026:20603 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20603 - Security Advisory Overview Updated Packages Synopsis Important: rsync security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rsync is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): rsync: rsync server leaks arbitrary client files (CVE-2024-12086) rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158) rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2330577 - CVE-2024-12086 rsync: rsync server leaks arbitrary client files BZ - 2415637 - CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index BZ - 2458898 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVEs CVE-2024-12086 CVE-2025-10158 CVE-2026-41035 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c x86_64 rsync-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 2053d72edca3905717959e76db5b3aa9fc6d09b489bb39bae5e697e99b60ac54 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 8f2e3f5b93a6bc0571b1b71e5d4ab12758fcf1ec0372868ca74884fbb4b1e36e rsync-debugsource-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 73fcf4c50827ee5d3c7fa31fbbad7761232e94bd884df01f4ff6232fd0647a9a rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux Server - AUS 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c x86_64 rsync-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 2053d72edca3905717959e76db5b3aa9fc6d09b489bb39bae5e697e99b60ac54 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 8f2e3f5b93a6bc0571b1b71e5d4ab12758fcf1ec0372868ca74884fbb4b1e36e rsync-debugsource-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 73fcf4c50827ee5d3c7fa31fbbad7761232e94bd884df01f4ff6232fd0647a9a rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c s390x rsync-3.2.5-3.el9_6.1.s390x.rpm SHA-256: 35cc64ca7af1bc0ea051420b113375c7f5331b53c23fcb9878ca102708c4a465 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.s390x.rpm SHA-256: 20656b664a0b083286a13a286d70587dcad8167078410454e9151f913adbdee1 rsync-debugsource-3.2.5-3.el9_6.1.s390x.rpm SHA-256: be6d1dc50ea8b2fb48b6d6f2d8f90390807da289c72940d042e901f86b53fc8a rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c ppc64le rsync-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: c9250aec8fc74890a6e720ef4c1c65aec76b047aa644b97b8feecd971e5ba8a5 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: 12ffef4c6e1d940e82fb2ef206a3e7b56e7caca269b55c054d420cae973f3ed0 rsync-debugsource-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: 617105d7f7eebfce7c5bf4788c257fd8a6d96c5a03085abc1df9bd3b3700a8bd rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c aarch64 rsync-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: e8f3c6924cb631a882b14a7a9269bd5440a5b1e613f70497c522da3ee6986015 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: 499bdc4439e660abbf5d14aad11d30323073b9259ac614e86f5ecea7ef2bee6c rsync-debugsource-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: 22e5dd8ffebc392a65179c679e85908ab6ff7979b96aeac978f476bd76dfcd83 rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c ppc64le rsync-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: c9250aec8fc74890a6e720ef4c1c65aec76b047aa644b97b8feecd971e5ba8a5 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: 12ffef4c6e1d940e82fb2ef206a3e7b56e7caca269b55c054d420cae973f3ed0 rsync-debugsource-3.2.5-3.el9_6.1.ppc64le.rpm SHA-256: 617105d7f7eebfce7c5bf4788c257fd8a6d96c5a03085abc1df9bd3b3700a8bd rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c x86_64 rsync-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 2053d72edca3905717959e76db5b3aa9fc6d09b489bb39bae5e697e99b60ac54 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 8f2e3f5b93a6bc0571b1b71e5d4ab12758fcf1ec0372868ca74884fbb4b1e36e rsync-debugsource-3.2.5-3.el9_6.1.x86_64.rpm SHA-256: 73fcf4c50827ee5d3c7fa31fbbad7761232e94bd884df01f4ff6232fd0647a9a rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c aarch64 rsync-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: e8f3c6924cb631a882b14a7a9269bd5440a5b1e613f70497c522da3ee6986015 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: 499bdc4439e660abbf5d14aad11d30323073b9259ac614e86f5ecea7ef2bee6c rsync-debugsource-3.2.5-3.el9_6.1.aarch64.rpm SHA-256: 22e5dd8ffebc392a65179c679e85908ab6ff7979b96aeac978f476bd76dfcd83 rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 SRPM rsync-3.2.5-3.el9_6.1.src.rpm SHA-256: ad77a63073f685921fdbca27b9f43d6568ba2808383132d4dca95a1a367d521c s390x rsync-3.2.5-3.el9_6.1.s390x.rpm SHA-256: 35cc64ca7af1bc0ea051420b113375c7f5331b53c23fcb9878ca102708c4a465 rsync-daemon-3.2.5-3.el9_6.1.noarch.rpm SHA-256: b4618e24f6d66b961e88092ff5b88ac1317b466469cde92bca434a5fa520c3d9 rsync-debuginfo-3.2.5-3.el9_6.1.s390x.rpm SHA-256: 20656b664a0b083286a13a286d70587dcad8167078410454e9151f913adbdee1 rsync-debugsource-3.2.5-3.el9_6.1.s390x.rpm SHA-256: be6d1dc50ea8b2fb48b6d6f2d8f90390807da289c72940d042e901f86b53fc8a rsync-rrsync-3.2.5-3.el9_6.1.noarch.rpm SHA-256: 79616865cb832ff4e114e7eacba63c99a03bdcee6c4a03d5e661d3fa150aa9e0 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 S

Related Articles

MEDIUM RHSA-2026:20696: Important: rsync security update Red Hat Errata HIGH RHSA-2026:19368: Important: rsync security update Red Hat Errata HIGH RHSA-2026:20602: Important: rsync security update Red Hat Errata HIGH RHSA-2026:20604: Important: rsync security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn