Advisories ยป MGASA-2026-0265

Updated rsync package fixes security vulnerabilities

Publication date: 18 Jul 2026
Modification date: 18 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-29518 , CVE-2026-43617 , CVE-2026-43618 , CVE-2026-43619 , CVE-2026-43620 , CVE-2026-45232

Description

The updated package fixes security vulnerabilities:
Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File
Write. (CVE-2026-29518)
Rsync < 3.4.3 Authorization Bypass via Hostname Resolution.
(CVE-2026-43617)
Rsync < 3.4.3 Integer Overflow Information Disclosure. (CVE-2026-43618)
Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls.
(CVE-2026-43619)
Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files().
(CVE-2026-43620)
Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy. (CVE-2026-45232)
                

References

SRPMS

10/core

9/core