SUSE SLES15 : Security update 5.0.7 for Multi-Linux Manager Proxy (SUSE-SU-2026:1010-1)

high Nessus Plugin ID 303781

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1010-1 advisory.

branch-network-formula:

- Update to version 1.1.0
* Enable containers on SLE15SP7
* Exclude podman interfaces from sysctl setting

cobbler:

- Compatibility fixes for tftpboot directory setup

inter-server-sync:

- Version 0.3.10-0
* Write log to a rotated file without rsyslog and logrotate
* Recreate cobbler entries on the import (bsc#1220899)
* remove support for 4.2 file based pillars
* use correct hostname detection for 5.x servers (bsc#1253322)

jose4j:

- CVE-2024-29371: Safeguard against excessive resource utilization by restricting the size of data during JWE payload decompression (bsc#1255298)

liberate-formula:

- Version 0.1.2
* Add option to prevent logo packages from being installed

spacecmd:

- Version 5.0.15-0
* Fix typo in spacecmd help ca-cert flag (bsc#1253174)
* Convert cached IDs to int (bsc#1251995)
* Fix spacecmd binary file upload (bsc#1253659)

spacewalk-backend:

- Version 5.0.17-0
* Fix reposync mediaproduct fetch when URL contains auth token (bsc#1252388)

spacewalk-certs-tools:

- Version 5.0.13-0
* Fix bootstrap script for SLM 6.2 (bsc#1257992)
* Fix failing bootstrap with bootstrap script on SLES 16 and SL Micro 6.2 (bsc#1256991)

spacewalk-client-tools:

- Version 5.0.12-0
* Update translation strings

spacewalk-config:

- Version 5.0.9-0
* Enable HSTS in Apache config (bsc#1255176)
* Force SameSite=Lax on all Set-Cookie headers (bsc#1253711)

spacewalk-java:

- Version 5.0.31-0
* Commit DB changes before refreshing pillar for SSH push minions (bsc#1253712)
* Fix http proxy verification (bsc#1253501)
* Fix: Broken URL in API docs (bsc#1244177)
* Fix crash in ubuntu errata sync on deleted channel ids (bsc#1250561)
* Fix dnf updateinfo showing wrong severity for security updates (bsc#1252937)
* Add details on config channels and state order in UI (bsc#1253285)
* fix reposync crashing at metadata generation (bsc#1257538)
* Block multiple versions of the same package from being locked (bsc#1246315)
* Use PackageEvr instead of string for fix_version (bsc#1252638)
* Add multi-thread support for message queue (bsc#1247722)
* Fix ungrouped systems list menu item (bsc#1254251)

spacewalk-proxy:

- Version 5.0.8-0
* Disable listing the content of /icons (bsc#1247544)

spacewalk-proxy-installer:

- Version 5.0.3-0
* Configure squid replacement policy properly before cache dir (bsc#1253773)

spacewalk-web:

- Version 5.0.26-0
* Update web UI dependencies
* Add details on config channels and state order in UI (bsc#1253285)

susemanager:

- Version 5.0.17-0
* Fix the product ids of client tools channels
* Fixed the package name to correct one (bsc#1255089)

susemanager-build-keys:

- Add openSUSE Backports for SUSE Linux 16 key (bsc#1257255)

susemanager-docs_en:

- Updated the screenshots in multiple sections in Installation and Upgrade Guide
- Reformatted storage-scripts table to use plain paragraphs instead of bullet lists to fix po4a extraction issue causing missing bullets in CJK translations
- Added a warning for all instances where mgradm upgrade podman is used
- Added section about container-based Kiwi image build support to Administration guide (bsc#1251865)
- Included global GPG decryption for pillar data in specialized guide (bsc#1255743)
- CIS removed from list of supported OpenSCAP profiles
- Changes example for the third-party repository GPG keys (bsc#1255857)
- Added SLE16 and openSUSE Leap 16 as supported clients
- Explained how to generate the proxy certificates on a peripheral server (bsc#1249425)
- Improved procedure formatting for better clarity in Administration Guide (bsc#1253660)
- Added links to man pages for createrepo_c and reprepro to Administration Guide (bsc#1237181)
- Added missing options to command example in Installation and Upgrade Guide (bsc#1252908)
- Added non-SUSE URLs to requirements in Installation and Upgrade Guide (bsc#1252665)
- Fixed typo for command options in Reference Guide (bsc#1253174)
- Added additional step for client deletion in Client Configuration Guide (bsc#1253249)
- Clarified server config option for spacemd in Reference Guide (bsc#1253197)
- Changed the installation instructions to use product instead of packages (bsc#1249041)

susemanager-schema:

- Version 5.0.18-0
* Refactor oval related tables (bsc#1252638)
* Increase size of column 'context' on tables 'suseappstream' and 'suseserverappstream' (bsc#1255653)
* Add leftovers of partially missing ARMHF for Debian (bsc#1248783)

susemanager-sls:

- Version 5.0.21-0
* Fix error on shutdown for sles 12 (bsc#1255634)
* Fix bootstrap for SLM 6.2 and newer (bsc#1257992)
* Make mgr_events salt engine non-blocking on reading events
* Avoid losing the events on DB connection issues (bsc#1252098)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1220899

https://bugzilla.suse.com/1237181

https://bugzilla.suse.com/1244177

https://bugzilla.suse.com/1246315

https://bugzilla.suse.com/1247544

https://bugzilla.suse.com/1247722

https://bugzilla.suse.com/1248783

https://bugzilla.suse.com/1249041

https://bugzilla.suse.com/1249425

https://bugzilla.suse.com/1250561

https://bugzilla.suse.com/1251865

https://bugzilla.suse.com/1251995

https://bugzilla.suse.com/1252098

https://bugzilla.suse.com/1252388

https://bugzilla.suse.com/1252638

https://bugzilla.suse.com/1252665

https://bugzilla.suse.com/1252908

https://bugzilla.suse.com/1252937

https://bugzilla.suse.com/1253174

https://bugzilla.suse.com/1253197

https://bugzilla.suse.com/1253249

https://bugzilla.suse.com/1253285

https://bugzilla.suse.com/1253322

https://bugzilla.suse.com/1253501

https://bugzilla.suse.com/1253659

https://bugzilla.suse.com/1253660

https://bugzilla.suse.com/1253711

https://bugzilla.suse.com/1253712

https://bugzilla.suse.com/1253773

https://bugzilla.suse.com/1254251

https://bugzilla.suse.com/1255089

https://bugzilla.suse.com/1255176

https://bugzilla.suse.com/1255298

https://bugzilla.suse.com/1255634

https://bugzilla.suse.com/1255653

https://bugzilla.suse.com/1255743

https://bugzilla.suse.com/1255857

https://bugzilla.suse.com/1256991

https://bugzilla.suse.com/1257255

https://bugzilla.suse.com/1257538

https://bugzilla.suse.com/1257992

http://www.nessus.org/u?3326f824

https://www.suse.com/security/cve/CVE-2024-29371

Plugin Details

Severity: High

ID: 303781

File Name: suse_SU-2026-1010-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/26/2026

Updated: 3/26/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2024-29371

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-proxy-salt-broker-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-server-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-server-migration-14-16-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-server-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-proxy-httpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-server-attestation-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-proxy-httpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-proxy-ssh-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-proxy-ssh-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-proxy-salt-broker-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-proxy-tftpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-proxy-tftpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-server-migration-14-16-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-server-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-proxy-salt-broker-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-server-migration-14-16-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-proxy-squid-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-proxy-squid-image, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-server-attestation-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-server-migration-14-16-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-proxy-salt-broker-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-proxy-httpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-server-attestation-image, 
p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-proxy-ssh-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-aarch64-proxy-squid-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-proxy-squid-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-proxy-ssh-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-s390x-proxy-tftpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-server-attestation-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-x86_64-server-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-proxy-tftpd-image, p-cpe:/a:novell:suse_linux:suse-manager-5.0-ppc64le-proxy-httpd-image

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/25/2026

Vulnerability Publication Date: 12/17/2025

Reference Information

CVE: CVE-2024-29371

SuSE: SUSE-SU-2026:1010-1