Threats Tagged 'cve-2025-10158'

Two security vulnerabilities have been identified in the rsync utility used in Red Hat Enterprise Linux 9. 2 and related products. The first is an out-of-bounds array access via a negative index (CVE-2025-10158), and the second is a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). These issues could potentially lead to memory corruption or crashes. Red Hat has released updated rsync packages addressing these vulnerabilities. The update is rated as Important by Red Hat Product Security. There is no indication of known exploits in the wild at this time.

A moderate severity vulnerability (CVE-2025-10158) has been identified in the rsync utility used in Red Hat Enterprise Linux 9. The issue involves an out-of-bounds array access via a negative index, which could lead to unexpected behavior or potential security risks. Red Hat has released an update addressing this vulnerability for multiple architectures and variants of Red Hat Enterprise Linux 9. Users are advised to apply the provided update to remediate the issue.

Multiple security vulnerabilities affecting RHEL-8 based Middleware Containers container images have been addressed by Red Hat in updated container images. These include high severity issues such as a stack-based buffer overflow in GnuTLS (CVE-2025-9820), denial of service vulnerabilities, information disclosure, and arbitrary code execution in various components including libarchive and Python. The advisory covers a range of CVEs fixed by backported patches in updated container images. Users are advised to upgrade to the updated images and rebuild dependent container images to mitigate these issues.

This advisory addresses multiple security vulnerabilities in the rsync utility used in Red Hat Enterprise Linux 9. 6 Extended Update Support and related variants. The issues include an rsync server leaking arbitrary client files (CVE-2024-12086), an out-of-bounds array access via negative index (CVE-2025-10158), and a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). These vulnerabilities have been rated with an important security impact by Red Hat Product Security. Updates fixing these issues are available and should be applied to affected systems. The advisory covers various architectures including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported at this time.

Two security vulnerabilities have been identified in the rsync utility used in Red Hat Enterprise Linux 9. 4 Extended Update Support. These include an out-of-bounds array access via a negative index (CVE-2025-10158) and a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). Both vulnerabilities have been rated with an important security impact by Red Hat Product Security. A security update addressing these issues is available for affected Red Hat Enterprise Linux 9. 4 versions. Users are advised to apply the update as detailed in the Red Hat advisory to remediate these vulnerabilities.

Two security vulnerabilities have been identified in the rsync utility used in Red Hat Enterprise Linux 10. 0 Extended Update Support. The first is an out-of-bounds array access via a negative index (CVE-2025-10158), and the second is a use-after-free vulnerability in extended attribute handling (CVE-2026-41035). These issues have been addressed by Red Hat in updated rsync packages. The update is rated as having an Important security impact by Red Hat Product Security. No known exploits are reported in the wild at this time.