[CLSA-2026:1782981361] rsync: Fix of CVE-2026-45232
Type:
security
Severity:
Low
Release date:
2026-07-02 08:36:15 UTC
Description:
- CVE-2026-45232: fix off-by-one out-of-bounds stack write in establish_proxy_connection() when a malicious HTTP proxy returns an over-long response line without a newline; reject the buffer-full case instead of writing the NUL terminator one byte past the buffer
CVEs fixed:
Updated packages:
  • rsync-3.2.3-19.el9_2.tuxcare.els11.x86_64.rpm
    sha:90e9607fc23cbb87f57c4e16ccc4bcaf3950057b6edc1688d154c0685abf004f
  • rsync-daemon-3.2.3-19.el9_2.tuxcare.els11.noarch.rpm
    sha:e90a9f35f11fc3e4b870ca1f3af8b4932d752d87c0a7afcc6469db093dfd106c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.