[SECURITY] [DSA 6282-1] rsync security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6282-1] rsync security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 20 May 2026 13:26:29 +0000
Message-id: <[🔎] E1wPgwP-0000000GDTJ-41lZ@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6282-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 20, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rsync
CVE ID         : CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619
                 CVE-2026-43620 CVE-2026-45232

Several vulnerabilities were discovered in rsync, a fast, versatile,
remote (and local) file-copying tool, which may result in local
privilege escalation, bypass of intended access restrictions, remote
memory disclosure to an authenticated daemon peer or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 3.2.7-1+deb12u5.

For the stable distribution (trixie), these problems have been fixed in
version 3.4.1+ds1-5+deb13u3.

We recommend that you upgrade your rsync packages.

For the detailed security status of rsync please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/rsync

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoNtldfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RW3A//RjHBdaVB4bvFPH63WY5EtKsc3Bh09oNDmYcdHFWzNWXCBLadSwmrHQAc
5aEVWnBl7ku2cs3cvm9URsujFtIyxOICZOo+5aKAkWAOYj1iNabQal1PDxOFQPai
h4S4+z2uOSdXXLRUyKFNbiOvOIk+c/eM6oiFhuu/m3UL87NNfmG45XqaFleIjAuz
kUrA04Dcr7L12tLlZ2/DO4zy4PGwIiMyIAmmvf0KnZtWIdhqtVcNqeTDg1hyJPtq
cymGwr69lU6UaQ2h9YchtJiiLMkP/YUhjiA6QC84JAtgaiaL6k/QQVEo8VGf+T2V
fIFSCQpE3Ss/NlpBcDw6c6VxlrGLhJHqCaJAm0kUbi/Jb0+1jr8cc+kyr5uoeggk
SZUSZdZt3JuXEH7ykSy8Xp1EI2ddF8r7RtLf5fnHoaLbKaKXgRqylX1ff6muYLsb
oKnzJSY5JzZZbbNDUEx1hRPDAz9oQov9D1yt5wGBdR+Zt/KBrdl5EstPxuITI6j1
vU1gzF3CyX8aX/QbM89D2kCLvxXx3wMJSGivgKCa+2kPhEBLvrvwd0R0UcE6EhYm
uX7w+qTBHSMHBBmhtBV8piJghuLWniJOOgQFCH4qqUbc0JMbvK+eMfk4yvVeQ48f
CtyDDtop9zrFHK8oO6hiBefaLPeipX3oGzjbOMiFfgMo5tcdPi0=
=bbWm
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6281-1] gnutls28 security update
Next by Date: [SECURITY] [DSA 6283-1] firefox-esr security update
Previous by thread: [SECURITY] [DSA 6281-1] gnutls28 security update
Next by thread: [SECURITY] [DSA 6283-1] firefox-esr security update
Index(es):
- Date
- Thread