[CLSA-2026:1780480701] rsync: Fix of CVE-2026-29518
Type: security
Severity: Important
Release date: 2026-06-03 09:58:34 UTC
Description:
- CVE-2026-29518: fix the daemon no-chroot TOCTOU race on parent path components. Both the sender read path (sender.c) and the receiver write path (receiver.c: open_tmpfile and the inplace branch of recv_files) are now routed through secure_relative_open() / secure_mkstemp(), starting from the trusted module root. A regression test is added (chdir-symlink-race.test, case 4).
CVEs fixed:
Updated packages:
  • rsync-3.2.3-19.el9_2.tuxcare.els8.x86_64.rpm
    sha:ea1f34900491dcae2ae51febc641a189cf35438940453e6cfdc11163d749c9aa
  • rsync-daemon-3.2.3-19.el9_2.tuxcare.els8.noarch.rpm
    sha:6e53581ed0fa5fc1288abeeac2607669d6f7e8ad45fef6cdaad5c192e411001e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.