Red Hat Product Errata RHSA-2026:20696 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20696 - Security Advisory Overview Updated Packages Synopsis Important: rsync security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for rsync is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fix(es): rsync: Rsync: Out of bounds array access via negative index (CVE-2025-10158) rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2415637 - CVE-2025-10158 rsync: Rsync: Out of bounds array access via negative index BZ - 2458898 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling RHEL-174895 - Fix regression introduced with CVE-2024-12086 fix CVEs CVE-2025-10158 CVE-2026-41035 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 x86_64 rsync-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: 53cf2d7e2b9ed54c446d9b9e5e4346675d344fb74446653768d35ac870e6e2ba rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: 441ad64bfc42f3face7e9577f76a103f35491611c842fca8abba05cadf68e23c rsync-debugsource-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: e2707044d41f58003396bf7a612e7767cea9313f5d5b249b9fd3baec183ebcdd rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 s390x rsync-3.4.1-2.el10_0.2.s390x.rpm SHA-256: f6feb1d30f68675d3045ccd5f4948b751e44b3c9db7cc1495ce1c2908c76b3a6 rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.s390x.rpm SHA-256: 8295ef1e7b843e2a3ae3227adb2edae3999a81df7fed7b460aedf61065d48d2c rsync-debugsource-3.4.1-2.el10_0.2.s390x.rpm SHA-256: a3caf36ed3a9e21cffb050320d1a1b9c60097f0af53808d725dab2dabca40db5 rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 ppc64le rsync-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: dbf84fcc01e4e232bda22453ac2ac059c01501f48aa6791a4234e464d984ecda rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: 957953a09d23d97b9658a23464a6b47c55a6fe02efe710ae1e02b5f42838c9b0 rsync-debugsource-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: d8070cd90feec6696f853ed59992837fe2b403b2d78b547ba10e23605b134e25 rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 aarch64 rsync-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 8d0fcace9dc29f016d8af45d1522e0b8a67bbfc585538ff12bc36b1e6f6fc551 rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 42924f392d2998feea0411e85d019ef7d510cdc320c2b2295267a39ed8cde6dd rsync-debugsource-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 740800824ecaed26541e62849cf6c05964fad4d640b85c541ebae7342b36218c rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 aarch64 rsync-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 8d0fcace9dc29f016d8af45d1522e0b8a67bbfc585538ff12bc36b1e6f6fc551 rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 42924f392d2998feea0411e85d019ef7d510cdc320c2b2295267a39ed8cde6dd rsync-debugsource-3.4.1-2.el10_0.2.aarch64.rpm SHA-256: 740800824ecaed26541e62849cf6c05964fad4d640b85c541ebae7342b36218c rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 s390x rsync-3.4.1-2.el10_0.2.s390x.rpm SHA-256: f6feb1d30f68675d3045ccd5f4948b751e44b3c9db7cc1495ce1c2908c76b3a6 rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.s390x.rpm SHA-256: 8295ef1e7b843e2a3ae3227adb2edae3999a81df7fed7b460aedf61065d48d2c rsync-debugsource-3.4.1-2.el10_0.2.s390x.rpm SHA-256: a3caf36ed3a9e21cffb050320d1a1b9c60097f0af53808d725dab2dabca40db5 rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 ppc64le rsync-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: dbf84fcc01e4e232bda22453ac2ac059c01501f48aa6791a4234e464d984ecda rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: 957953a09d23d97b9658a23464a6b47c55a6fe02efe710ae1e02b5f42838c9b0 rsync-debugsource-3.4.1-2.el10_0.2.ppc64le.rpm SHA-256: d8070cd90feec6696f853ed59992837fe2b403b2d78b547ba10e23605b134e25 rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM rsync-3.4.1-2.el10_0.2.src.rpm SHA-256: 3504580b45ff4d62aa4b1858cbc5079f55d4818f716a2242ed7de99f4bd34b34 x86_64 rsync-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: 53cf2d7e2b9ed54c446d9b9e5e4346675d344fb74446653768d35ac870e6e2ba rsync-daemon-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 210007c6c01da334e4a4bb4a3ed795857a8c9dab5a17d3645b20cd0f69e83588 rsync-debuginfo-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: 441ad64bfc42f3face7e9577f76a103f35491611c842fca8abba05cadf68e23c rsync-debugsource-3.4.1-2.el10_0.2.x86_64.rpm SHA-256: e2707044d41f58003396bf7a612e7767cea9313f5d5b249b9fd3baec183ebcdd rsync-rrsync-3.4.1-2.el10_0.2.noarch.rpm SHA-256: 1309f024af94cc0763d9750f0ff8cb387b6d0a38e377e0f5a499f242c8fc4d85 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .