Release date:
2026-05-29 14:28:14 UTC
Description:
* SECURITY UPDATE: receiver use-after-free in receive_xattr() via a
wire-supplied xattr count passed to qsort():
- debian/patches/els/0007-CVE-2026-41035.patch: sort temp_xattr.count
stored items instead of the untrusted wire count.
- CVE-2026-41035.
Updated packages:
-
rsync_3.1.3-6+tuxcare.els3_amd64.deb
sha:42ab8aeedd50715c5d3988e065c67092e6a58950
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
