Debian alert DSA-6282-1 (rsync)
| From: | Salvatore Bonaccorso <carnil@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6282-1] rsync security update | |
| Date: | Wed, 20 May 2026 13:26:29 +0000 | |
| Message-ID: | <E1wPgwP-0000000GDTJ-41lZ@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6282-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 20, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : rsync CVE ID : CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 CVE-2026-45232 Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, which may result in local privilege escalation, bypass of intended access restrictions, remote memory disclosure to an authenticated daemon peer or denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 3.2.7-1+deb12u5. For the stable distribution (trixie), these problems have been fixed in version 3.4.1+ds1-5+deb13u3. We recommend that you upgrade your rsync packages. For the detailed security status of rsync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsync Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoNtldfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RW3A//RjHBdaVB4bvFPH63WY5EtKsc3Bh09oNDmYcdHFWzNWXCBLadSwmrHQAc 5aEVWnBl7ku2cs3cvm9URsujFtIyxOICZOo+5aKAkWAOYj1iNabQal1PDxOFQPai h4S4+z2uOSdXXLRUyKFNbiOvOIk+c/eM6oiFhuu/m3UL87NNfmG45XqaFleIjAuz kUrA04Dcr7L12tLlZ2/DO4zy4PGwIiMyIAmmvf0KnZtWIdhqtVcNqeTDg1hyJPtq cymGwr69lU6UaQ2h9YchtJiiLMkP/YUhjiA6QC84JAtgaiaL6k/QQVEo8VGf+T2V fIFSCQpE3Ss/NlpBcDw6c6VxlrGLhJHqCaJAm0kUbi/Jb0+1jr8cc+kyr5uoeggk SZUSZdZt3JuXEH7ykSy8Xp1EI2ddF8r7RtLf5fnHoaLbKaKXgRqylX1ff6muYLsb oKnzJSY5JzZZbbNDUEx1hRPDAz9oQov9D1yt5wGBdR+Zt/KBrdl5EstPxuITI6j1 vU1gzF3CyX8aX/QbM89D2kCLvxXx3wMJSGivgKCa+2kPhEBLvrvwd0R0UcE6EhYm uX7w+qTBHSMHBBmhtBV8piJghuLWniJOOgQFCH4qqUbc0JMbvK+eMfk4yvVeQ48f CtyDDtop9zrFHK8oO6hiBefaLPeipX3oGzjbOMiFfgMo5tcdPi0= =bbWm -----END PGP SIGNATURE-----