Debian alert DLA-4591-1 (rsync)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 4591-1] rsync security update | |
| Date: | Wed, 20 May 2026 14:39:10 +0000 | |
| Message-ID: | <5d3c3ed-af23-39f0-ad56-5e468c623af7@alteholz.de> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4591-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Thorsten Alteholz May 20, 2026 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : rsync Version : 3.2.3-4+deb11u4 CVE ID : CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619 CVE-2026-43620 Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool, which may result in local privilege escalation, bypass of intended access restrictions, remote memory disclosure to an authenticated daemon peer or denial of service. For Debian 11 bullseye, these problems have been fixed in version 3.2.3-4+deb11u4. We recommend that you upgrade your rsync packages. For the detailed security status of rsync please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rsync Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmoNx45fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdv1BAAwJv2aK/pE3cooBlHsbjlNrPGBgPHoxmdsmS5o+nn2t4jOWcvhBVf6vcM 8B7kAB7xRCmoPHRWBhexKgjgCttTJxmxs9McbKeywOz7mwGHPOjP8lQA9pU07NCs 7naJGcO90j7KorU9ttKUgmWtai2vjiLiFTQ+ws0geRh3Zk0J27mG+q1nsuPhgM7z Jj9gW0BTlCUYpDQPwMDnnspjEcNbx98xtWQ1bozsuxd1cuJAwjFNC45bg78ZGopw PJt9wshToY+/RkBgBTqAyoiPeXgd0YO43h/kiE2bfHBpplUMPf7xmx1MdeJN3Zz1 QIsvg0rznZZwbno7fXVnkothjsEPuBzfKY+kTWyDu+IM9Uw5mEwnvd4S7/xO5tJ6 bofxvb8f67+mQ4EzIxzeCuL8VaQxx2eAHxvLLAPjgqRF+2QXPRQNgsl+XWmGLD1T yo8/6zymWl6I2wKDXch1MvmeDC4cVufXCi66VDauI4+Zog3AcwWhSrYGr13ljlLh dLMYzoVwFKi9kRht/82RatVi5Ppmrwo8CmsJDhgnL3+FMnAEdMHlCYjMlfnrbb6A BMPTcIrhIkGcEB1EUIuJuI7EoS4DCMeuI9SvGbNE+FEfO0aHQ/Kcj5qqBJnpQvX6 54fUtGibWl8Nbkz1eSUhG+IHTrdxJjAav4QR+BweeyXs1sEfwLE= =IZZ8 -----END PGP SIGNATURE-----