Detections
Analytics

openSUSE 16 Security Update : rclone (openSUSE-SU-2026:20620-1)

critical Nessus Plugin ID 310201

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20620-1 advisory.

 Changes in rclone:

 - Update to version 1.73.5:
 * Version v1.73.5
 * operations: add AuthRequired to operations/fsinfo to prevent backend creation CVE-2026-41179
 * rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41176
 * rc: add AuthRequired to options/set to prevent auth bypass CVE-2026-41176
 * s3: fix empty delimiter parameter rejected by Archiware P5 server
 * azureblob/auth: add Microsoft Partner Network User-Agent prefix
 * drime: fix User.EntryPermissions JSON unmarshalling
 * filter: fix debug logs that fire before logger is configured - fixes #9291
 * s3: fix TencentCOS CDN endpoint failing on bucket check
 * iclouddrive: fix 'directory not found' error when the directory contains accent marks
 * Start v1.73.5-DEV development

 - Update to version 1.73.4:
 * Version v1.73.4
 * Update to go 1.25.9 to fix multiple CVEs
 * build: fix Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder
 * docs: fix markdown issues in mount docs
 * docs: fix header level for metadata option
 * fix(docs): Fix link to not be language specific
 * filen: update SDK version
 * build(deps): bump golang.org/x/image from 0.36.0 to 0.38.0
 * docs: note macOS 10.15 (Catalina) support with version v1.70.3
 * Start v1.73.4-DEV development

 - Update to version 1.73.3: (CVE-2026-33186 GHSA-6g7g-w4f8-9c9x)
 * Version v1.73.3
 * build(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2
 * docs/jottacloud: fix broken link
 * docs: clarify Filen password change requires updating both password and API key in rclone config
 * docs: note that Filen API key changes on password change
 * build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3
 * s3: add multi tenant support for Cubbit
 * lib/rest: fix URLPathEscapeAll breaking WebDAV servers (eg nzbdav) with strict path matching
 * list: fix nil pointer panic in Sorter when temp file creation fails
 * docs: update RELEASE procedure to avoid mistakes
 * docs: added text to the label showing version-introduced info
 * Start v1.73.3-DEV development
 * docs: update sponsors

 - Update to version 1.73.2:
 * Version v1.73.2
 * Update to go 1.25.8 to fix multiple CVEs
 * build: update to golang.org/x/net v0.51.0 to fix CVE-2026-27141 #9220
 * docs: fix new drive flag typo in changelog
 * webdav: add missing headers for CORS
 * docs: Document unsupported S3 object keys with double slashes
 * docs: note that --use-server-modtime only works on some backends
 * internxt: fix Entry doesn't belong in directory errors on windows
 * drime: fix chunk-uploaded files ignoring workspace ID
 * docs: Fix headers hierarchy for mount.md
 * webdav: escape reserved characters in URL path segments
 * bisync: add group Sync to the bisync command
 * archive: extract: strip ./ prefix from tar entry paths
 * docs: add instructions on how to update Go version
 * buid: update github.com/cloudflare/circl to v1.6.3 to fix CVE-2026-1229
 * Start v1.73.2-DEV development

 - Update to version 1.73.1:
 * Version v1.73.1
 * build: fix build using go 1.26.0 instead of go 1.25.7
 * fs/march: fix runtime: program exceeds 10000-thread limit
 * accounting: fix missing server side stats from core/stats rc
 * pacer: re-read the sleep time as it may be stale
 * pacer: fix deadlock between pacer token and --max-connections
 * build: fix CVE-2025-68121 by updating go to 1.25.7 or later - fixes #9167
 * drime: fix files and directories being created in the default workspace
 * docs: update sponsors
 * copyurl: Extend copyurl docs with an example of CSV FILENAMEs starting with a path.
 * internxt: implement re-login under refresh logic, improve retry logic - fixes #9174
 * docs: add ExchangeRate-API as a sponsor
 * build: bump github.com/go-chi/chi/v5 from 5.2.3 to 5.2.5 to fix GO-2026-4316
 * Set list_version to 2 for FileLu S3 configuration
 * filelu: add multipart upload support with configurable cutoff
 * filelu: add multipart init response type
 * filelu: add comment for response body wrapping
 * filelu: avoid buffering entire file in memory
 * docs: update sponsor logos
 * filen: fix potential panic in case of error during upload
 * filen: fix 32 bit targets not being able to list directories Fixes #9142
 * Start v1.73.1-DEV development

 - Update to version 1.73.0:
 * Version v1.73.0
 * drive: fix crash when trying to creating shortcut to a Google doc
 * azureblob,azurefiles: factor the common auth into a library
 * test: allow backends to return fs.ErrorCantListRoot to skip Root tests
 * build: add privatebeta Makefile target
 * docs: add Internxt as a sponsor
 * internxt: remove use of CVE laden github.com/disintegration/imaging
 * docs: fix Internxt docs after merge
 * docs: update making a new backend docs
 * docs: build overview page from the backend data
 * docs: add tiering to the documentation - fixes #8873
 * docs: add data about each backend in YAML format
 * docs: add bin/manage_backends.py for managing the backend data files
 * internxt: use rclone's http.Client to enable more features
 * internxt: fix lint problems
 * Add StarHack to contributors
 * Add lullius to contributors
 * Add jzunigax2 to contributors
 * internxt: add Internxt backend - fixes #7610
 * drive: add --drive-metadata-force-expansive-access flag - Fixes #8980
 * test_all: allow drime more time to complete
 * onedrive: fix permissions on onedrive Personal
 * onedrive: fix require sign in for Onedrive Personal
 * onedrive: Onedrive Personal no longer supports description
 * onedrive: fix setting modification time on directories for onedrive Personal
 * onedrive: fix cancelling multipart upload
 * docs: fix WinFsp link in mount documentation
 * cmount: make work under OpenBSD - fixes #1727
 * vfs: make mount tests run on OpenBSD
 * docs: improve alignment of icons
 * protondrive: update to use forks of upstream modules
 * Add hyusap to contributors
 * Add Nick Owens to contributors
 * Add Mikel Olasagasti Uranga to contributors
 * docs: fix googlephotos custom client_id instructions
 * cmount: fix OpenBSD mount support.
 * fs: fix bwlimit: correctly report minutes
 * fs: fix bwlimit: use %d instead of %q for ints
 * mega: reverts TLS workaround
 * docs: fix formatting
 * docs: add faq entry about re-enabling old TLS ciphers
 * Add Marc-Philip to contributors
 * Add yy to contributors
 * filen: swap to blake3 hashes
 * docs: fix echo command syntax for password input
 * docs: fix typos in comments and messages
 * docs: fix use of removed rem macro
 * uptobox: remove backend as service is no longer available
 * rc: add operations/hashsumfile to sum a single file only
 * docs: update sponsor link
 * filen: add Filen backend - Fixes #6728
 * sftp: fix proxy initialisation
 * fstest: skip Copy mutation test with --sftp-copy-is-hardlink
 * fstest: Make Copy mutation test work properly
 * Add Qingwei Li to contributors
 * Add Nicolas Dessart to contributors
 * log: fix systemd adding extra newline - fixes #9086
 * oracleobjectstorage, sftp: eliminate unnecessary heap allocation
 * sftp,ftp: add http proxy authentication support
 * Add Drime backend
 * lib/rest: add opts.MultipartContentType to explicitly set Content-Type of attachements
 * dircache: allow empty string as root parent id
 * docs: update sponsors
 * s3: add provider Bizfly Cloud Simple Storage
 * docs: update sponsor logos
 * Add sys6101 to contributors
 * Add darkdragon-001 to contributors
 * Add vupn0712 to contributors
 * docs: add cloudinary to readme
 * docs: fix headers hierarchy in mount docs
 * s3: fix Copy ignoring storage class
 * serve s3: make errors in --s3-auth-key fatal - fixes #9044
 * Add masrlinu to contributors
 * pcloud: add support for real-time updates in mount
 * memory: add --memory-discard flag for speed testing - fixes #9037
 * Add vyv03354 to contributors
 * shade: Fix VFS test issues
 * docs: mention use of ListR feature in ls docs
 * build: bump actions/download-artifact from 6 to 7
 * build: bump actions/upload-artifact from 5 to 6
 * build: bump actions/cache from 4 to 5
 * docs: reflects the fact that pCloud supports ListR
 * S3: Linode: updated endpoints to use ISO 3166-1 alpha-2 standard
 * sync: fix error propagation in tests (#9025)
 * Changelog updates from Version v1.72.1
 * s3: add more regions for Selectel
 * Add jhasse-shade to contributors
 * Add Shade backend
 * log: fix backtrace not going to the --log-file #9014
 * build: fix lint warning after linter upgrade
 * Add Jonas Tingeborn to contributors
 * Add Tingsong Xu to contributors
 * configfile: add piped config support - fixes #9012
 * fs/log: fix PID not included in JSON log output
 * build: adjust lint rules to exclude new errors from linter update
 * proxy: fix error handling in tests spotted by the linter
 * Add Johannes Rothe to contributors
 * Add Leo to contributors
 * Add Vladislav Tropnikov to contributors
 * Add Cliff Frey to contributors
 * Add vicerace to contributors
 * b2: Fix listing root buckets with unrestricted API key
 * googlecloudstorage: improve endpoint parameter docs
 * serve webdav: implement download-directory-as-zip
 * s3: The ability to specify an IAM role for cross-account interaction
 * azureblob: add metadata and tags support across upload and copy paths
 * refactor: use strings.Cut to simplify code
 * docs: note where a provider has an S3 compatible alternative
 * Add Shade as sponsor
 * Add Duncan Smart to contributors
 * Add Diana to contributors
 * docs: Clarify OAuth scopes for readonly Google Drive access
 * b2: support authentication with new bucket restricted application keys
 * docs: update sponsor logos
 * docs: fix lint error in changelog
 * Start v1.73.0-DEV development

 - Update to version 1.72.1:
 * Version v1.72.1
 * s3: add more regions for Selectel
 * log: fix backtrace not going to the --log-file #9014
 * build: fix lint warning after linter upgrade
 * configfile: add piped config support - fixes #9012
 * fs/log: fix PID not included in JSON log output
 * build: adjust lint rules to exclude new errors from linter update
 * proxy: fix error handling in tests spotted by the linter
 * googlecloudstorage: improve endpoint parameter docs
 * docs: note where a provider has an S3 compatible alternative
 * Add Shade as sponsor
 * docs: Clarify OAuth scopes for readonly Google Drive access
 * docs: update sponsor logos
 * docs: fix lint error in changelog
 * Start v1.72.1-DEV development

 - Update to version 1.72.0:
 * Version v1.72.0
 * rc: fix formatting in job/batch
 * test speed: fix formatting of help
 * docs: update sponsor logos
 * build: bump actions/checkout from 5 to 6
 * s3: add multi-part-upload support for If-Match and If-None-Match
 * rc: config/unlock: rename parameter to `configPassword` accept old as well
 * rc: correct names of parameters in job/list output
 * Add Nikolay Kiryanov to contributors
 * rc: add `executeId` to job statuses - fixes #8972
 * build: bump golang.org/x/crypto from 0.43.0 to 0.45.0 to fix CVE-2025-58181
 * s3: fix single file copying behavior with low permission - Fixes #8975
 * docs: onedrive: note how to backup up any user's data
 * Add Dominik Sander to contributors
 * Add jijamik to contributors
 * box: allow to configure with config file contents
 * http: add basic metadata and provide it via serve
 * ftp: fix transfers from servers that return 250 ok messages
 * b2: allow individual old versions to be deleted with --b2-versions - fixes #1626
 * build: fix tls: failed to verify certificate: x509: negative serial number
 * Add Sean Turner to contributors
 * s3: add support for --upload-header If-Match and If-None-Match
 * fix: comment typos
 * dropbox: fix error moving just created objects - fixes #8881
 * s3: add --s3-use-data-integrity-protections to fix BadDigest error in Alibaba, Tencent
 * rc: make sure fatal errors don't crash rclone - fixes #8955
 * pacer: factor call stack searching into its own package
 * rc: add osVersion, osKernel and osArch to core/version
 * build: update all dependencies
 * build(deps): bump golangci/golangci-lint-action from 8 to 9
 * webdav: fix out of memory with sharepoint-ntlm when uploading large file
 * testserver: fix owncloud test server startup
 * Add aliaj1 to contributors
 * ulozto: Fix downloads returning HTML error page
 * docs: adjust spectra logic example endpoint name
 * docs: update version introduced to v1.70 in doi docs
 * testserver: fix HDFS server after run.bash adjustments
 * testserver: remind developers about allocating a port
 * testserver: make run.bash variables less likely to collide with scripts
 * testserver: fix seafile servers messing up _connect string
 * testserver: make sure TestWebdavInfiniteScale uses an assigned port
 * testserver: make sure we don't overwrite the NAME variable set
 * Add n4n5 to contributors
 * Add Alex to contributors
 * Add Copilot to contributors
 * docs: update contributing docs regarding backend documentation
 * rc: add jobs stats
 * docs: fix alignment of some of the icons in the storage system dropdown
 * docs: run markdownlint on _index.md
 * docs: fix markdownlint issues and other styling improvements in backend command docs
 * docs: fix markdownlint issue md046/code-block-style in backend command docs
 * docs: fix missing punctuation in backend commands short description
 * docs: fix markdownlint issues in backend command generated output
 * build: improve backend docs autogenerated marker line
 * backend/compress: add zstd compression
 * sftp: fix zombie SSH processes with --sftp-ssh - Fixes #8929
 * testserver: fix tests failing due to stopped servers
 * docs: add new integration tester site link
 * docs: update the method for running integration tests
 * bisync: fix failing tests
 * Add SublimePeace to contributors
 * b2: fix expected a FileSseMode but found: ''
 * docs: s3: clarify multipart uploads memory usage
 * test_all: fix detection of running servers
 * accounting: add AccountReadN for use in cluster
 * fs: add NonDefaultRC for discovering options in use
 * fs: move tests into correct files
 * rc: add NewJobFromBytes for reading jobs from non HTTP transactions
 * rc: add job/batch for sending batches of rc commands to run concurrently
 * Add Ted Robertson to contributors
 * Add Joseph Brownlee to contributors
 * Add fries1234 to contributors
 * Add Fawzib Rojas to contributors
 * Add Riaz Arbi to contributors
 * Add Lukas Krejci to contributors
 * Add Adam Dinwoodie to contributors
 * Add dulanting to contributors
 * docs: add AppArmor restrictions to rclone mount
 * check: improved reporting of differences in sizes and contents
 * mega: implement 2FA login
 * docs: change to light code block style to better match overall theme
 * docs: fix various markdownlint issues
 * build: restrict the markdown languages to use for code blocks
 * docs: fix various markdownlint issues
 * docs: fix markdownlint issue md013/line-length
 * docs: change syntax hightlighting for command examples from sh to console
 * docs: Clarify remote naming convention
 * b2: Add Server-Side encryption support
 * Added rclone archive command to create and read archive files
 * accounting: add io.Seeker/io.ReaderAt support to accounting.Account
 * operations: add ReadAt method to ReOpen
 * fstest: add ResetRun to allow the remote to be reset in tests
 * gcs: fix --gcs-storage-class to work with server side copy for objects
 * ulozto: implement the about functionality
 * local: add --skip-specials to ignore special files
 * swift: Report disk usage in segment containers
 * refactor: use strings.Builder to improve performance
 * Archive backend to read archives on cloud storage.
 * vfs: remove unecessary import in tests to fix import cycles
 * Add Lakshmi-Surekha to contributors
 * Add Andrew Gunnerson to contributors
 * Add divinity76 to contributors
 * build: enable support for aix/ppc64
 * rc: fix name of queue JSON key in docs for vfs/cache
 * cmount: windows: improve error message on missing winfsp
 * docs: add the Provider to the options examples in the backend docs
 * Add Aneesh Agrawal to contributors
 * Add viocha to contributors
 * Add reddaisyy to contributors
 * fs: remove unnecessary Seek call on log file
 * s3: make it easier to add new S3 providers
 * build(deps): bump actions/upload-artifact from 4 to 5
 * build(deps): bump actions/download-artifact from 5 to 6
 * ftp: fix SOCK proxy support - fixes #8892 (#8918)
 * webdav: Add Access-Control-Max-Age header for CORS preflight caching - fixes #5078
 * webdav: use SpaceSepList to parse bearer token command
 * refactor: use strings.Builder to improve performance
 * docs: re-arrange sponsors page
 * docs: add Spectra Logic as a sponsor
 * Add Oleksandr Redko to contributors
 * build: enable all govet checks (except fieldalignment and shadow) and fix issues.
 * march: fix --no-traverse being very slow - fixes #8860
 * Add vastonus to contributors
 * s3: add new FileLu S5 endpoints
 * build: remove obsolete build tag
 * azurefiles: add ListP interface - #4788
 * dropbox: add ListP interface - #4788
 * webdav: add ListP interface - #4788
 * pcloud: add ListP interface - #4788
 * box: add ListP interface - #4788
 * onedrive: add ListP interface - #4788
 * drive: add ListP interface - #4788
 * Add hunshcn to contributors
 * webdav: optimize bearer token fetching with singleflight
 * Changelog updates from Version v1.71.2
 * lib/http: cleanup indentation and other whitespace in http serve template
 * docs: improve formatting of http serve template parameters
 * build: stop markdown linter leaving behind docker containers
 * Add Marco Ferretti to contributors
 * s3: add cubbit as provider
 * s3: add servercore as a provider
 * docs: update sponsors
 * docs: update sponsor images
 * docs: update privacy policy with a section on user data
 * Add Dulani Woods to contributors
 * Add spiffytech to contributors
 * gcs: add region us-east5 - fixes #8863
 * jottacloud: refactor service list from map to slice to get predefined order
 * jottacloud: added support for traditional oauth authentication also for the main service
 * oauthutil: improved debug logs from token refresh
 * backend: add S3 provider for Hetzner object storage #8183
 * jottacloud: improved token refresh handling
 * s3: provider reordering
 * index: add missing providers
 * docs: add missing `
 * s3: add rabata as a provider
 * mega: fix 402 payment required errors - fixes #8758
 * Add Andrew Ruthven to contributors
 * Add Microscotch to contributors
 * Add iTrooz to contributors
 * build: Bump SwiftAIO container to a newer one
 * build: Retry stopping the test server
 * build: Increase attempts to connect to test server
 * swift: If storage_policy isn't set, use the root containers policy
 * proton: automated 2FA login with OTP secret key
 * serve s3: fix log output to remove the EXTRA messages
 * docs/jottacloud: update description of invalid_grant error according to changes
 * jottacloud: add support for MediaMarkt Cloud as a whitelabel service
 * s3: add FileLu S5 provider
 * docs: fix variants of --user-from-header
 * vfs: fix chunker integration test
 * test_all: give TestZoho: extra time as it has been timing out
 * test_all: give TestCompressDrive: extra time as it has been timing out
 * rclone config string: reduce quoting with Human rendering for strings #8859
 * Add juejinyuxitu to contributors
 * docs/jottacloud: update documentation with new whitelabel services and changed configuration flow
 * jottacloud: abort attempts to run unsupported rclone authorize command
 * jottacloud: minor adjustment of texts in config ui
 * jottacloud: add support for Let's Go Cloud (from MediaMarkt) as a whitelabel service
 * jottacloud: fix authentication for whitelabel services from Elkj?p subsidiaries
 * jottacloud: refactor config handling of whitelabel services to use openid provider configuration
 * jottacloud: remove nil error object from error message
 * jottacloud: fix legacy authentication
 * docs: add remote setup page to main docs dropdown
 * docs: update remote setup page
 * docs: add link from authorize command docs to remote setup docs
 * docs: lowercase internet and web browser instead of Internet browser
 * docs: use the term backend name instead of fs name for authorize command
 * add `rclone config string` for making connection strings #8859
 * config: add more human readable configmap.Simple output
 * serve http: download folders as zip
 * s3: reorder providers to be in alphabetical order
 * refactor: use strings.FieldsFuncSeq to reduce memory allocations
 * accounting: add SetMaxCompletedTransfers method to fix bisync race #8815
 * accounting: add RemoveDoneTransfers method to fix bisync race #8815
 * bisync: fix race when CaptureOutput is used concurrently #8815
 * build: update all dependencies
 * Makefile: remove deprecated go mod usage
 * azurefiles: Fix server side copy not waiting for completion - fixes #8848
 * Changelog updates from Version v1.71.1
 * test_all: fix branch name in test report
 * pacer: fix deadlock with --max-connections
 * Revert azureblob: fix deadlock with --max-connections with InvalidBlockOrBlob errors
 * Add Youfu Zhang to contributors
 * Add Matt LaPaglia to contributors
 * smb: optimize smb mount performance by avoiding stat checks during initialization
 * pikpak: fix unnecessary retries by using URL expire parameter - fixes #8601
 * serve http: fix: logging url on start
 * docs: fix typo
 * b2: fix 1TB+ uploads
 * march: fix deadlock when using --fast-list on syncs - fixes #8811
 * build: slices.Contains, added in go1.21
 * build: use strings.CutPrefix introduced in go1.20
 * build: use sequence Split introduced in go1.24
 * build: use for i := range n, added in go1.22
 * build: modernize benchmark usage
 * build: in tests use t.Context, added in go1.24
 * build: replace interface{} by the 'any' type added in go1.18
 * build: use the built-in min or max functions added in go1.21
 * Add russcoss to contributors
 * build: remove x := x made unnecessary by the new semantics of loops in go1.22
 * lib/pool: fix unreliable TestPoolMaxBufferMemory test
 * Update S-Pegg1 email
 * Add Jean-Christophe Cura to contributors
 * pool: fix flaky unreliability test
 * copyurl: reworked code, added concurrency and tests
 * copyurl: Added --url to read urls from csv file - #8127
 * docs: HDFS: erasure coding limitation #8808
 * fstest: fix slice bounds out of range error when using -remotes local
 * local: fix time zones on tests
 * s3: added SpectraLogic as a provider
 * local: fix rmdir Access is denied on windows - fixes #8363
 * bisync: fix error handling for renamed conflicts
 * docs: pcloud: update root_folder_id instructions
 * operations: fix partial name collisions for non --inplace copies
 * drive: docs: update making your own client ID instructions
 * swift: add ListP interface - #4788
 * memory: add ListP interface - #4788
 * oraceobjectstorage: add ListP interface - #4788
 * B2: add ListP interface - #4788
 * azureblob: add ListP interface - #4788
 * googlecloudstorage: add ListP interface - Fixes #8763
 * build: bump actions/github-script from 7 to 8
 * build: bump actions/setup-go from 5 to 6
 * bisync: fix chunker integration tests
 * bisync: fix koofr integration tests
 * internetarchive: fix server side copy files with spaces
 * lib/rest: add URLPathEscapeAll to URL escape as many chars as possible
 * Add alternate email for dougal to contributors
 * test speed: add command to test a specified remotes speed
 * docs: add link to MEGA S4 from MEGA page
 * Add Robin Rolf to contributors
 * Add anon-pradip to contributors
 * s3: Add Intercolo provider
 * gendocs: refactor and add logging of skipped command docs
 * gendocs: ignore missing rclone_mount.md, rclone_nfsmount.md, rclone_serve_nfs.md on windows
 * bin: add bisync.md generator
 * fstest: refactor to decouple package from implementation
 * gendocs: ignore missing rclone_mount.md on macOS
 * bisync: ignore expected nothing to transfer differences on tests
 * bisync: fix TestBisyncConcurrent ignoring -case
 * bisync: make number of parallel tests configurable
 * docs: clarify subcommand description in rclone usage
 * docs: fix description of regex syntax of name transform
 * docs: add some more details about supported regex syntax
 * makefile: fix lib/transform docs not getting updated
 * lib/pool: fix flaky test which was causing timeouts
 * Add dougal to contributors
 * vfs: fix SIGHUP killing serve instead of flushing directory caches
 * bisync: use unique stats groups on tests
 * fstest: stop errors in test cleanup changing the global stats
 * Add Motte to contributors
 * Add Claudius Ellsel to contributors
 * build: add local markdown linting to make check
 * lsf: add support for unix and unixnano time formats
 * docs: remove broken links from rc to commands
 * hashsum: changed output format when listing algorithms
 * docs: add example of how to add date as suffix
 * box: fix about after change in API return - fixes #8776
 * Add skbeh to contributors
 * Add Tilman Vogel to contributors
 * docs: fix incorrectly escaped windows path separators
 * build: restore error handling in gendocs
 * combine: propagate SlowHash feature
 * docs/oracleobjectstorage: add introduction before external links and remove broken link
 * docs: fix markdown lint issues in backend docs
 * docs: fix markdown lint issues in command docs
 * docs: update markdown code block json indent size 2
 * mount: do not log successful unmount as an error - fixes #8766
 * Start v1.72.0-DEV dev ...

 Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected rclone, rclone-bash-completion and / or rclone-zsh-completion packages.

See Also

https://www.suse.com/security/cve/CVE-2024-51744

https://www.suse.com/security/cve/CVE-2024-45338

https://www.suse.com/security/cve/CVE-2024-45337

https://www.suse.com/security/cve/CVE-2025-22869

https://www.suse.com/security/cve/CVE-2025-22870

https://www.suse.com/security/cve/CVE-2025-30204

https://www.suse.com/security/cve/CVE-2025-58181

https://www.suse.com/security/cve/CVE-2025-68121

https://www.suse.com/security/cve/CVE-2026-33186

https://bugzilla.suse.com/1232964

https://bugzilla.suse.com/1233422

https://www.suse.com/security/cve/CVE-2024-52522

https://www.suse.com/security/cve/CVE-2026-1229

https://www.suse.com/security/cve/CVE-2026-27141

https://www.suse.com/security/cve/CVE-2026-41176

https://www.suse.com/security/cve/CVE-2026-41179

Plugin Details

Severity: Critical

ID: 310201

File Name: openSUSE-2026-20620-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 4/25/2026

Updated: 4/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-1229

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-68121

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 8.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-41179

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:rclone-bash-completion, p-cpe:/a:novell:opensuse:rclone-zsh-completion, p-cpe:/a:novell:opensuse:rclone, cpe:/o:novell:opensuse:16.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/23/2026

Vulnerability Publication Date: 11/4/2024

Reference Information

CVE: CVE-2024-45337, CVE-2024-45338, CVE-2024-51744, CVE-2024-52522, CVE-2025-22869, CVE-2025-22870, CVE-2025-30204, CVE-2025-58181, CVE-2025-68121, CVE-2026-1229, CVE-2026-27141, CVE-2026-33186, CVE-2026-41176, CVE-2026-41179

IAVB: 2024-B-0181-S, 2026-B-0105