Detections
Analytics
SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2026:2038-1)
high Nessus Plugin ID 316960
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2038-1 advisory.This update for rsync fixes the following issues
- CVE-2026-29518: Symlink-Race TOCTOU in Daemon (bsc#1264511).
- CVE-2026-41035: Count of entries mismatch can lead to a use-after-free (bsc#1262223)
- CVE-2026-43617: Authorization Bypass via Hostname Resolution (bsc#1264515).
- CVE-2026-43618: Integer Overflow Information Disclosure (bsc#1264512).
- CVE-2026-43619: Symlink Race Condition via Path-Based Syscalls (bsc#1264514).
- CVE-2026-43620: Out-of-Bounds Array Read via recv_files() (bsc#1264513).
- CVE-2026-45232: Off-by-one stack OOB write in HTTP CONNECT proxy response parsing (bsc#1265296).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected rsync package.See Also
https://bugzilla.suse.com/1234100
https://bugzilla.suse.com/1234101
https://bugzilla.suse.com/1234102
https://bugzilla.suse.com/1234103
https://bugzilla.suse.com/1234104
https://bugzilla.suse.com/1235475
https://bugzilla.suse.com/1254441
https://bugzilla.suse.com/1262223
https://bugzilla.suse.com/1264511
https://bugzilla.suse.com/1264512
https://bugzilla.suse.com/1264513
https://bugzilla.suse.com/1264514
https://bugzilla.suse.com/1264515
https://bugzilla.suse.com/1265296
https://lists.suse.com/pipermail/sle-updates/2026-May/046686.html
https://www.suse.com/security/cve/CVE-2024-12084
https://www.suse.com/security/cve/CVE-2024-12085
https://www.suse.com/security/cve/CVE-2024-12086
https://www.suse.com/security/cve/CVE-2024-12087
https://www.suse.com/security/cve/CVE-2024-12088
https://www.suse.com/security/cve/CVE-2024-12747
https://www.suse.com/security/cve/CVE-2025-10158
https://www.suse.com/security/cve/CVE-2026-29518
https://www.suse.com/security/cve/CVE-2026-41035
https://www.suse.com/security/cve/CVE-2026-43617
https://www.suse.com/security/cve/CVE-2026-43618
https://www.suse.com/security/cve/CVE-2026-43619
Plugin Details
Severity: High
ID: 316960
File Name: suse_SU-2026-2038-1.nasl
Version: 1.1
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 5/27/2026
Updated: 5/27/2026
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.6
CVSS v2
Risk Factor: High
Base Score: 8.5
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C
CVSS Score Source: CVE-2026-43618
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2026-41035
CVSS v4
Risk Factor: High
Base Score: 7.3
Threat Score: 6.4
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score Source: CVE-2026-29518
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:rsync
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/21/2026
Vulnerability Publication Date: 1/11/2025
Reference Information
CVE: CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747, CVE-2025-10158, CVE-2026-29518, CVE-2026-41035, CVE-2026-43617, CVE-2026-43618, CVE-2026-43619, CVE-2026-43620, CVE-2026-45232
IAVA: 2026-A-0502
SuSE: SUSE-SU-2026:2038-1