Release date:
2026-06-03 11:38:40 UTC
Description:
- CVE-2026-43619: secure receiver-side path-based syscalls (do_chmod,
do_lchown, do_rename, do_unlink, do_mkdir, do_symlink, do_mknod,
do_link, do_rmdir, do_utimensat, do_lstat) against symlink-race
TOCTOU by routing through secure_relative_open + *at() wrappers,
harden secure_relative_open to reject .. components and confine
relative basedir, secure change_dir against chdir-escape, secure
copy_file source/dest opens, fix absolute --partial-dir delta
resume via secure_basis_open; add alt-dest-symlink-race /
bare-do-open-symlink-race / copy-dest-source-symlink /
secure-relpath-validation tests
Updated packages:
-
rsync-3.2.3-19.el9_2.tuxcare.els9.x86_64.rpm
sha:790444932f60861a78c6c0eeb5ac969be89b0e4accfa3ec086ceaca90b079f53
-
rsync-daemon-3.2.3-19.el9_2.tuxcare.els9.noarch.rpm
sha:da449cb478e4d8ac55e97165eaab89c51bbfa19e6077e57c4905618e5eeca5f4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
