{"id":"CLSA-2026-1777544655","summary":"rsync: Fix of 2 CVEs","details":"- CVE-2024-12086: prevent server from reading arbitrary client files via\n  path traversal\n- CVE-2025-10158: fix invalid access to files array in sender\n- Add upstream stability fix (RsyncProject/rsync PR #706):\n  use-after-free in generator\n- Enable Amazon Linux 2 ELS","modified":"2026-06-01T00:33:18.629966160Z","published":"2026-05-02T01:10:44Z","upstream":["CVE-2024-12086","CVE-2025-10158"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos7els/CLSA-2026-1777544655.html"}],"affected":[{"package":{"name":"rsync","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/rsync?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2-12.0.1.el7_9.tuxcare.els3"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544655.json"}}],"schema_version":"1.7.5"}