rsync Patch Fixes Security Update Regressions Affecting File Sync
Ubuntu's USN-8349-2 addresses functionality regressions introduced by critical rsync security patches. The update resolves issues while maintaining fixes for heap overflow, race conditions, and access control bypass vulnerabilities.
TL;DR
- USN-8349-1 patched four rsync vulnerabilities but introduced multiple regressions in core functionality
- USN-8349-2 resolves the regression issues while preserving security fixes for CVE-2025-10158, CVE-2026-29518, and CVE-2026-41035
- Original vulnerabilities included heap-based out-of-bounds read, local privilege escalation via race condition, and hostname-based access control bypass
- Systems running rsync daemons should apply the regression fix to restore normal file transfer operations
- Administrators using non-chroot rsync configurations face elevated risk from path traversal and privilege escalation attacks
Ubuntu has released USN-8349-2 to address regressions introduced by the previous rsync security update (USN-8349-1). While the initial patch successfully mitigated four distinct vulnerabilities affecting rsync file synchronization, it inadvertently broke multiple core functionality features, prompting this follow-up fix.
The original advisory addressed critical issues including a heap-based out-of-bounds read vulnerability that could enable denial-of-service attacks, a race condition affecting non-chrooted daemon configurations that risked file overwrite and privilege escalation, and improper validation of extended attribute length values. Additionally, rsync daemons were found to perform reverse-DNS lookups after chrooting in certain configurations, potentially bypassing hostname-based access controls.
This regression patch restores normal rsync operations while maintaining the security protections established in USN-8349-1, ensuring organizations can safely deploy the update without sacrificing file transfer reliability.
Security Vulnerabilities Fixed in Original Patch
- CVE-2025-10158: Heap-based out-of-bounds read during file transfers allowing remote denial-of-service attacks
- CVE-2026-29518: Race condition in non-chrooted daemon configurations enabling local file overwrite, information disclosure, and privilege escalation
- CVE-2026-41035: Improper length validation in extended attribute sorting leading to denial-of-service conditions
- Reverse-DNS lookup bypass of hostname-based access controls in certain daemon configurations
Regression Impact and Resolution
- USN-8349-1 introduced multiple regressions affecting rsync core functionality and file transfer operations
- USN-8349-2 resolves these regressions while preserving all security fixes from the original patch
- Organizations should prioritize applying the regression fix to restore operational stability
- Non-chrooted rsync daemon configurations remain at elevated risk and should be reviewed for security posture
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.