Fedora Account System
Red Hat Associate
Red Hat Customer
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:17481 https://access.redhat.com/errata/RHSA-2026:17481
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19152 https://access.redhat.com/errata/RHSA-2026:19152
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19368 https://access.redhat.com/errata/RHSA-2026:19368
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:20601 https://access.redhat.com/errata/RHSA-2026:20601
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:20602 https://access.redhat.com/errata/RHSA-2026:20602
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:20604 https://access.redhat.com/errata/RHSA-2026:20604
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:20603 https://access.redhat.com/errata/RHSA-2026:20603
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:20696 https://access.redhat.com/errata/RHSA-2026:20696
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2026:23245 https://access.redhat.com/errata/RHSA-2026:23245
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:25149 https://access.redhat.com/errata/RHSA-2026:25149
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:25170 https://access.redhat.com/errata/RHSA-2026:25170
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:25172 https://access.redhat.com/errata/RHSA-2026:25172
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION Via RHSA-2026:25173 https://access.redhat.com/errata/RHSA-2026:25173
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:25190 https://access.redhat.com/errata/RHSA-2026:25190
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2026:23233 https://access.redhat.com/errata/RHSA-2026:23233
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2026:25181 https://access.redhat.com/errata/RHSA-2026:25181
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2026:25044 https://access.redhat.com/errata/RHSA-2026:25044
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2026:26542 https://access.redhat.com/errata/RHSA-2026:26542
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2026:28887 https://access.redhat.com/errata/RHSA-2026:28887