Bug 35177 - rsync new security issue CVE-2025-10158
Summary: rsync new security issue CVE-2025-10158
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-03-04 15:47 CET by Nicolas Salguero
Modified: 2026-03-06 04:02 CET

See Also:
Source RPM: rsync-3.2.7-1.2.mga9.src.rpm
CVE: CVE-2025-10158
Status comment:


Nicolas Salguero 2026-03-04 15:49:36 CET

Flags: (none) => affects_mga9+
CVE: (none) => CVE-2025-10158
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => rsync-3.4.1-2.mga10.src.rpm, rsync-3.2.7-1.2.mga9.src.rpm

Comment 1 Nicolas Salguero 2026-03-04 15:55:20 CET
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Out of bounds array access via negative index. (CVE-2025-10158)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZOPBIA4TYYH7HBPKXO4XFIWVXML27HR/
========================

Updated package in core/updates_testing:
========================
rsync-3.2.7-1.3.mga9

from SRPM:
rsync-3.2.7-1.3.mga9.src.rpm

Source RPM: rsync-3.4.1-2.mga10.src.rpm, rsync-3.2.7-1.2.mga9.src.rpm => rsync-3.2.7-1.2.mga9.src.rpm
Status: NEW => ASSIGNED
Flags: affects_mga9+ => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)

katnatek 2026-03-05 03:37:01 CET

Keywords: (none) => advisory

Comment 2 PC LX 2026-03-05 10:15:15 CET
Installed and tested without issues.

Tested:
- list-only;
- syncing local to local;
- syncing remote (ssh) to local;
- syncing local to remote (ssh);
- systemd socket activation;
- syncing remote (rsync) to local;
- syncing local to remote (rsync);
- syncing inplace large VM images.



System client: Mageia 9, x86_64, AMD Ryzen 5 5600G with Radeon Graphics.
System server: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.



$ # System client
$ uname -a
Linux jupiter 6.6.120-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 01:59:53 UTC 2026 x86_64 GNU/Linux
$ rpm -q rsync
rsync-3.2.7-1.3.mga9



$ # System server
$ uname -a
Linux marte 6.6.120-server-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 03:15:42 UTC 2026 x86_64 GNU/Linux
$ rpm -q rsync
rsync-3.2.7-1.3.mga9
$ systemctl status rsyncd.socket 
● rsyncd.socket - Rsync Server Socket
     Loaded: loaded (/usr/lib/systemd/system/rsyncd.socket; disabled; preset: disabled)
     Active: active (listening) since Thu 2026-03-05 09:09:43 WET; 1s ago
     Listen: [::]:873 (Stream)
   Accepted: 0; Connected: 0;
      Tasks: 0 (limit: 19018)
     Memory: 8.0K
        CPU: 956us
     CGroup: /system.slice/rsyncd.socket

mar 05 09:09:43 marte systemd[1]: Listening on rsyncd.socket.
$ journalctl -b0 -u rsyncd@*
mar 05 08:55:03 marte systemd[1]: Started rsyncd@0-10.0.0.1:873-10.0.0.2:53028.service.
mar 05 08:55:03 marte rsyncd[4013425]: connect from jupiter.wg0 (10.0.0.2)
mar 05 08:55:03 marte rsyncd[4013425]: rsync allowed access on module share from jupiter.wg0 (10.0.0.2)
mar 05 08:55:03 marte rsyncd[4013425]: rsync on share/ from jupiter.wg0 (10.0.0.2)
mar 05 08:55:03 marte rsyncd[4013425]: building file list
mar 05 08:55:03 marte rsyncd[4013425]: sent 603 bytes  received 25 bytes  total size 11
mar 05 08:55:03 marte systemd[1]: rsyncd@0-10.0.0.1:873-10.0.0.2:53028.service: Deactivated successfully.
mar 05 08:55:34 marte systemd[1]: Started rsyncd@1-10.0.0.1:873-10.0.0.2:35666.service.
mar 05 08:55:34 marte rsyncd[4013569]: connect from jupiter.wg0 (10.0.0.2)
mar 05 08:55:34 marte rsyncd[4013569]: rsync allowed access on module share from jupiter.wg0 (10.0.0.2)
mar 05 08:55:34 marte rsyncd[4013569]: rsync on share/tmp/ from jupiter.wg0 (10.0.0.2)
mar 05 08:55:34 marte rsyncd[4013569]: building file list
mar 05 08:55:34 marte rsyncd[4013569]: sent 821 bytes  received 25 bytes  total size 752211176
mar 05 08:55:34 marte systemd[1]: rsyncd@1-10.0.0.1:873-10.0.0.2:35666.service: Deactivated successfully.
mar 05 08:55:40 marte systemd[1]: Started rsyncd@2-10.0.0.1:873-10.0.0.2:35670.service.
mar 05 08:55:40 marte rsyncd[4013594]: connect from jupiter.wg0 (10.0.0.2)
mar 05 08:55:40 marte rsyncd[4013594]: rsync allowed access on module share from jupiter.wg0 (10.0.0.2)
mar 05 08:55:40 marte rsyncd[4013594]: rsync on share/tmp/ebook/ from jupiter.wg0 (10.0.0.2)
mar 05 08:55:40 marte rsyncd[4013594]: building file list
mar 05 08:55:40 marte rsyncd[4013594]: sent 9796 bytes  received 25 bytes  total size 1732965671
mar 05 08:55:40 marte systemd[1]: rsyncd@2-10.0.0.1:873-10.0.0.2:35670.service: Deactivated successfully.
mar 05 08:56:07 marte systemd[1]: Started rsyncd@3-10.0.0.1:873-10.0.0.2:47934.service.
mar 05 08:56:07 marte rsyncd[4013661]: connect from jupiter.wg0 (10.0.0.2)
mar 05 08:56:07 marte rsyncd[4013661]: rsync allowed access on module share from jupiter.wg0 (10.0.0.2)
mar 05 08:56:07 marte rsyncd[4013661]: rsync on share/tmp/ebook/ from jupiter.wg0 (10.0.0.2)
mar 05 08:56:07 marte rsyncd[4013661]: building file list
mar 05 08:57:31 marte rsyncd[4013661]: sent 3512597750 bytes  received 8121 bytes  total size 3511701206
mar 05 08:57:31 marte systemd[1]: rsyncd@3-10.0.0.1:873-10.0.0.2:47934.service: Deactivated successfully.
mar 05 08:57:31 marte systemd[1]: rsyncd@3-10.0.0.1:873-10.0.0.2:47934.service: Consumed 3.785s CPU time.
mar 05 08:57:38 marte systemd[1]: Started rsyncd@4-10.0.0.1:873-10.0.0.2:35480.service.
mar 05 08:57:38 marte rsyncd[4014365]: connect from jupiter.wg0 (10.0.0.2)
mar 05 08:57:38 marte rsyncd[4014365]: rsync allowed access on module share from jupiter.wg0 (10.0.0.2)
mar 05 08:57:38 marte rsyncd[4014365]: rsync on share/tmp/ebook/ from jupiter.wg0 (10.0.0.2)
mar 05 08:57:38 marte rsyncd[4014365]: building file list
mar 05 08:57:38 marte rsyncd[4014365]: sent 23192 bytes  received 75 bytes  total size 3511701206
mar 05 08:57:38 marte systemd[1]: rsyncd@4-10.0.0.1:873-10.0.0.2:35480.service: Deactivated successfully.
<SNIP>

CC: (none) => mageia

Comment 3 Thomas Andrews 2026-03-05 16:40:07 CET
No installation issues.

Tested with Mageiasync, on the latest round of Cauldron test isos, with no issues.

Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA9-64-OK
Keywords: (none) => validated_update

Comment 4 Mageia Robot 2026-03-06 04:02:45 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0048.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

