Ubuntu alert USN-8299-1 (rclone)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8299-1] Rclone vulnerabilities | |
| Date: | Mon, 25 May 2026 09:36:56 +0000 | |
| Message-ID: | <E1wRRk0-0006ly-8F@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8299-1 May 25, 2026 rclone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Rclone. Software Description: - rclone: rsync for commercial cloud storage Details: It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41176) It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-41179) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS rclone 1.60.1+dfsg-4ubuntu3.1 Ubuntu 25.10 rclone 1.60.1+dfsg-4ubuntu2.1 Ubuntu 24.04 LTS rclone 1.60.1+dfsg-3ubuntu0.24.04.5 Ubuntu 22.04 LTS rclone 1.53.3-4ubuntu1.22.04.4 Ubuntu 20.04 LTS rclone 1.50.2-2ubuntu0.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8299-1 CVE-2026-41176, CVE-2026-41179 Package Information: https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4... https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4... https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3... https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubunt...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoUFs0ACgkQcpJm3tlz hgECDRAAsh7dXYEXDcPSCJ8xSyGV+JzC03E8a1Temrab5lMd/D2gRVIJa75oYUd8 7fZhXhZ0tQ/Sfkx4Ik7lSlYzEH+bBbnpZ95bw+/bCFUlpDBZKukabHNo6xrrJPbD RoNkxxqJthCyfbePxg/yxabCj8ibHxIMc/BnjYenuxJ3Xpwke6Fg5Eug18NMwoJm s+ZFtKRoRmpcIDdC21K9cge2CScXhuUguMUnBFN88I3Fa+JB8lxCZ2GC1Q5woRuX ewbgN0XBOoW11EzViWkEI3oYdhOqP1InzQhrvBXRx3UdsPTdkca8mP9l1w/k+x6t qUQbeBQpkRRIzJNHcLaafE96OIyfk2x0fm+aBWurCH8lExZ+xHhuk+YkGZBr27j6 2OTG3a8c2I+xviLjsZ3BJcQJ72lPMFOHtRrQwtvNY+VBNbtogul6gnLvuHh6m9v1 JdYZPBVRFcFxcadJwh2f5xnr2TiuICx8XnQOw2bOIPrWSuaCtYdwyv5ZYx8DpZWR NER744+x/ScYv8B/FtQs0UMG9D4gt7BABkj3VlQLjAXosZ+QzUXAJ/i1P/uicP99 QkZzT1AjMwefqYQTJ7bH9lcNVYzEeeG6eR2vi9DJurx3N3rAfJmAkTZXKgHwHhHW zJWnDFpC7QNiWBpGrnSESilngwYGWwHmqF6pKUf/EtsWYXngO7I= =F+Jv -----END PGP SIGNATURE-----