[USN-8299-1] Rclone vulnerabilities

========================================================================== Ubuntu Security Notice USN-8299-1 May 25, 2026 rclone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Rclone. Software Description: - rclone: rsync for commercial cloud storage Details: It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41176) It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-41179) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS rclone 1.60.1+dfsg-4ubuntu3.1 Ubuntu 25.10 rclone 1.60.1+dfsg-4ubuntu2.1 Ubuntu 24.04 LTS rclone 1.60.1+dfsg-3ubuntu0.24.04.5 Ubuntu 22.04 LTS rclone 1.53.3-4ubuntu1.22.04.4 Ubuntu 20.04 LTS rclone 1.50.2-2ubuntu0.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8299-1 CVE-2026-41176, CVE-2026-41179 Package Information: https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu3.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu2.1 https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3ubuntu0.24.04.5 https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubuntu1.22.04.4