An update for rsync is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1177 Final 1.0 1.0 2026-01-16 Initial 2026-01-16 2026-01-16 openEuler SA Tool V1.0 2026-01-16 rsync security update An update for rsync is now available for openEuler-24.03-LTS-SP1 Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one of the ends of the link beforehand. Security Fix(es): A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.(CVE-2025-10158) An update for rsync is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium rsync https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1177 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 openEuler-24.03-LTS-SP1 rsync-3.2.7-7.oe2403sp1.aarch64.rpm rsync-debuginfo-3.2.7-7.oe2403sp1.aarch64.rpm rsync-debugsource-3.2.7-7.oe2403sp1.aarch64.rpm rsync-help-3.2.7-7.oe2403sp1.aarch64.rpm rsync-3.2.7-7.oe2403sp1.src.rpm rsync-3.2.7-7.oe2403sp1.x86_64.rpm rsync-debuginfo-3.2.7-7.oe2403sp1.x86_64.rpm rsync-debugsource-3.2.7-7.oe2403sp1.x86_64.rpm rsync-help-3.2.7-7.oe2403sp1.x86_64.rpm A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. 2026-01-16 CVE-2025-10158 openEuler-24.03-LTS-SP1 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N rsync security update 2026-01-16 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1177