ELA-1767-1 rsync security update

multiple vulnerabilities

2026-07-05
Packagersync
Version3.1.2-1+deb9u6 (stretch), 3.1.3-6+deb10u3 (buster)
Related CVEs CVE-2025-10158 CVE-2026-29518 CVE-2026-41035 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232


Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, which may result in local privilege escalation, bypass of intended access restrictions, remote memory disclosure to an authenticated daemon peer or denial of service.



For Debian 10 buster, these problems have been fixed in version 3.1.3-6+deb10u3.

For Debian 9 stretch, these problems have been fixed in version 3.1.2-1+deb9u6.

We recommend that you upgrade your rsync packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.