Fedora alert FEDORA-2026-d4d8ae2bdc (rsync)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: rsync-3.4.1-6.fc43 | |
| Date: | Thu, 21 May 2026 01:28:40 +0000 | |
| Message-ID: | <20260521012840.4DB2B6D00E@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d4d8ae2bdc 2026-05-21 01:26:51.960462+00:00 -------------------------------------------------------------------------------- Name : rsync Product : Fedora 43 Version : 3.4.1 Release : 6.fc43 URL : https://rsync.samba.org/ Summary : A program for synchronizing files over a network Description : Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. -------------------------------------------------------------------------------- Update Information: Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but it changes the usage of one option that is no longer available in rsync. This is why I avoided the rebase in older stable branches. -------------------------------------------------------------------------------- ChangeLog: * Wed May 6 2026 Michal Ruprich <mruprich@redhat.com> - 3.4.1-6 - Fix for CVE-2026-41035 - Fixing bad time in rsync logs - Fixing regression from CVE-2024-12086 fix - Fixing improper clearing of DISPLAY env variable -------------------------------------------------------------------------------- References: [ 1 ] Bug #2339145 - failed verification -- update discarded - regression from CVE fixes https://bugzilla.redhat.com/show_bug.cgi?id=2339145 [ 2 ] Bug #2417003 - Bad time in rsync daemon log https://bugzilla.redhat.com/show_bug.cgi?id=2417003 [ 3 ] Bug #2459115 - CVE-2026-41035 rsync: Rsync: Use-after-free vulnerability in extended attribute handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2459115 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d4d8ae2bdc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new