Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:20602: Important: rsync security update

rhelsoftware_patchsecurity_advisorycve-2025-10158cve-2026-41035
This security update addresses two vulnerabilities in rsync: an out-of-bounds array access via a negative index (CVE-2025-10158, CVSS 4.3 MEDIUM) and a use-after-free flaw in extended attribute handling (CVE-2026-41035, CVSS 7.4 HIGH). The use-after-free vulnerability affects rsync versions 3.0.1 through 3.4.1. Red Hat has rated this update as Important and released patched packages for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions and related streams.
Read Full Article →

Red Hat Product Errata RHSA-2026:20602 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20602 - Security Advisory Overview Updated Packages Synopsis Important: rsync security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rsync is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158) rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2415637 - CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index BZ - 2458898 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVEs CVE-2025-10158 CVE-2026-41035 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 x86_64 rsync-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: 1b959f60f26c9fd51cbfa99a78df9f27079ade2818a798228073f13beb7abdb6 rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: f381a77c1ee59a5af716e558008ee31f1fac3d878f220ef54f57669954398f63 rsync-debugsource-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: db26c5cc48cf7211a39cbc7998d14dcad037f8b7ec8c12ad41a0fd178ffe3f4f Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 ppc64le rsync-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: b0d7af5e63806396ae90ee2937deb2ad2ff8034d47fca69c559d12d377819116 rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: 9d7a65c42421483733e5074b72f06ed4c7d013a708e10d9031a2e11fd56d5ef1 rsync-debugsource-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: c2af73121f50973c575152ac6f6cc4ccb350aba9c93451715f31a1eb45ce06f6 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 x86_64 rsync-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: 1b959f60f26c9fd51cbfa99a78df9f27079ade2818a798228073f13beb7abdb6 rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: f381a77c1ee59a5af716e558008ee31f1fac3d878f220ef54f57669954398f63 rsync-debugsource-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: db26c5cc48cf7211a39cbc7998d14dcad037f8b7ec8c12ad41a0fd178ffe3f4f Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 aarch64 rsync-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 5448352b5c25456b3b6e293d928c0e945f92ba8fa83dd930c605025f32c4210c rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 941e1765b5dbd16086960a06b2149cddcc38e5689d152162367dc24c0b2695a5 rsync-debugsource-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 3dcc6ca2fe17d7290e2c845cd8cc68c31adb3fb719a70751639567c7cb904223 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 s390x rsync-3.2.3-19.el9_2.3.s390x.rpm SHA-256: ebc34ed16da3cb0149d16547dea45c3b5eb2d9d0ef46d8e5283c121db6df5a2b rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.s390x.rpm SHA-256: 4e7d36fa6353a8ded31369746ad111a4ec7745ee974d86ddfd8600ae1204ef43 rsync-debugsource-3.2.3-19.el9_2.3.s390x.rpm SHA-256: 4174c73903faf56dc46694e4448251bd8933af0008226d3d81e7ffb09874f4e3 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 x86_64 rsync-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: 1b959f60f26c9fd51cbfa99a78df9f27079ade2818a798228073f13beb7abdb6 rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: f381a77c1ee59a5af716e558008ee31f1fac3d878f220ef54f57669954398f63 rsync-debugsource-3.2.3-19.el9_2.3.x86_64.rpm SHA-256: db26c5cc48cf7211a39cbc7998d14dcad037f8b7ec8c12ad41a0fd178ffe3f4f Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 aarch64 rsync-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 5448352b5c25456b3b6e293d928c0e945f92ba8fa83dd930c605025f32c4210c rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 941e1765b5dbd16086960a06b2149cddcc38e5689d152162367dc24c0b2695a5 rsync-debugsource-3.2.3-19.el9_2.3.aarch64.rpm SHA-256: 3dcc6ca2fe17d7290e2c845cd8cc68c31adb3fb719a70751639567c7cb904223 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 ppc64le rsync-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: b0d7af5e63806396ae90ee2937deb2ad2ff8034d47fca69c559d12d377819116 rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: 9d7a65c42421483733e5074b72f06ed4c7d013a708e10d9031a2e11fd56d5ef1 rsync-debugsource-3.2.3-19.el9_2.3.ppc64le.rpm SHA-256: c2af73121f50973c575152ac6f6cc4ccb350aba9c93451715f31a1eb45ce06f6 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM rsync-3.2.3-19.el9_2.3.src.rpm SHA-256: 21ce693365d844f70f3fa96219a862049d837adf6c0aa3195aba16382cec7c04 s390x rsync-3.2.3-19.el9_2.3.s390x.rpm SHA-256: ebc34ed16da3cb0149d16547dea45c3b5eb2d9d0ef46d8e5283c121db6df5a2b rsync-daemon-3.2.3-19.el9_2.3.noarch.rpm SHA-256: b310f9de7a4b0a32e3078b29e2cc20931c589f43a1423406427d9dab35395a02 rsync-debuginfo-3.2.3-19.el9_2.3.s390x.rpm SHA-256: 4e7d36fa6353a8ded31369746ad111a4ec7745ee974d86ddfd8600ae1204ef43 rsync-debugsource-3.2.3-19.el9_2.3.s390x.rpm SHA-256: 4174c73903faf56dc46694e4448251bd8933af0008226d3d81e7ffb09874f4e3 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .

Related Articles

HIGH RHSA-2026:20604: Important: rsync security update Red Hat Errata HIGH RHSA-2026:20603: Important: rsync security update Red Hat Errata HIGH RHSA-2026:20564: Important: squid:4 security update Red Hat Errata HIGH RHSA-2026:20595: Important: libcap security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn