Home / mailings [SECURITY] [DSA 6282-1] rsync security update
Posted on 20 May 2026
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6282-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
May 20, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : rsync
CVE ID : CVE-2026-29518 CVE-2026-43617 CVE-2026-43618 CVE-2026-43619
CVE-2026-43620 CVE-2026-45232
Several vulnerabilities were discovered in rsync, a fast, versatile,
remote (and local) file-copying tool, which may result in local
privilege escalation, bypass of intended access restrictions, remote
memory disclosure to an authenticated daemon peer or denial of service.
For the oldstable distribution (bookworm), these problems have been fixed
in version 3.2.7-1+deb12u5.
For the stable distribution (trixie), these problems have been fixed in
version 3.4.1+ds1-5+deb13u3.
We recommend that you upgrade your rsync packages.
For the detailed security status of rsync please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/rsync
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
