Synopsis:
rsync security updateSummary:
An update for rsync is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3Description:
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand.
Security Fix(es):
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.(CVE-2026-41035)Topic:
An update for rsync is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
rsync
3.1.3-13.oe2003sp43.1.3-13.oe2003sp43.1.3-13.oe2003sp43.1.3-13.oe2003sp43.2.5-6.oe2203sp43.2.5-6.oe2203sp43.2.5-6.oe2203sp43.2.5-6.oe2203sp43.2.7-8.oe24033.2.7-8.oe2403Exploitability
AV:NAC:LPR:LUI:NScope
S:CImpact
C:LI:LA:L7.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L