← Back to blog

rsync Patch Fixes Security Update Regressions Affecting File Sync

Ubuntu's USN-8349-2 addresses functionality regressions introduced by critical rsync security patches. The update resolves issues while maintaining fixes for heap overflow, race conditions, and access control bypass vulnerabilities.

TL;DR

  • USN-8349-1 patched four rsync vulnerabilities but introduced multiple regressions in core functionality
  • USN-8349-2 resolves the regression issues while preserving security fixes for CVE-2025-10158, CVE-2026-29518, and CVE-2026-41035
  • Original vulnerabilities included heap-based out-of-bounds read, local privilege escalation via race condition, and hostname-based access control bypass
  • Systems running rsync daemons should apply the regression fix to restore normal file transfer operations
  • Administrators using non-chroot rsync configurations face elevated risk from path traversal and privilege escalation attacks

Ubuntu has released USN-8349-2 to address regressions introduced by the previous rsync security update (USN-8349-1). While the initial patch successfully mitigated four distinct vulnerabilities affecting rsync file synchronization, it inadvertently broke multiple core functionality features, prompting this follow-up fix.

The original advisory addressed critical issues including a heap-based out-of-bounds read vulnerability that could enable denial-of-service attacks, a race condition affecting non-chrooted daemon configurations that risked file overwrite and privilege escalation, and improper validation of extended attribute length values. Additionally, rsync daemons were found to perform reverse-DNS lookups after chrooting in certain configurations, potentially bypassing hostname-based access controls.

This regression patch restores normal rsync operations while maintaining the security protections established in USN-8349-1, ensuring organizations can safely deploy the update without sacrificing file transfer reliability.

Security Vulnerabilities Fixed in Original Patch

  • CVE-2025-10158: Heap-based out-of-bounds read during file transfers allowing remote denial-of-service attacks
  • CVE-2026-29518: Race condition in non-chrooted daemon configurations enabling local file overwrite, information disclosure, and privilege escalation
  • CVE-2026-41035: Improper length validation in extended attribute sorting leading to denial-of-service conditions
  • Reverse-DNS lookup bypass of hostname-based access controls in certain daemon configurations

Regression Impact and Resolution

  • USN-8349-1 introduced multiple regressions affecting rsync core functionality and file transfer operations
  • USN-8349-2 resolves these regressions while preserving all security fixes from the original patch
  • Organizations should prioritize applying the regression fix to restore operational stability
  • Non-chrooted rsync daemon configurations remain at elevated risk and should be reviewed for security posture

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

rsync Patch Fixes Security Update Regressions Affecting File Sync — Agent Breach Blog | Agent Breach