This bug was fixed in the package rclone - 1.60.1+dfsg-4ubuntu3.1
---------------
rclone (1.60.1+dfsg-4ubuntu3.1) resolute-security; urgency=medium
* SECURITY UPDATE: authentication bypass in rcd leading to sensitive
operations and/or remote command execution (LP: #2152913)
- debian/patches/CVE-2026-41176.patch
- debian/patches/CVE-2026-41176-2.patch
- CVE-2026-41176
* SECUIRTY UPDATE: unauthenticated remote command execution in rcd
(LP: #2152914)
- debian/patches/CVE-2026-41179.patch
- CVE-2026-41179
-- Wesley Hershberger <[email protected]> Mon, 18 May
2026 10:16:02 -0500
** Changed in: rclone (Ubuntu Resolute)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-41176
** Changed in: rclone (Ubuntu Questing)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2152914
Title:
CVE-2026-41179
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rclone/+bug/2152914/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
