Alerts This Week
Warning Icon 1 848
Alerts This Week
Warning Icon 1 848

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

opensuse
Calendar Grey June 12, 2026
Dist Opensuse Esm H88
Critical openSUSE update for rclone addresses 27 high-risk issues with potential exploits, enhancing system security.
An update that fixes 27 vulnerabilities is now available.

Description

This update for rclone fixes the following issues:

- Update to version 1.74.3: (boo#1267869)

- Bug Fixes

- rc

- Fix unauthenticated command execution via --rc-serve inline

remotes CVE-2026-49980 (Nick Craig-Wood)

- Stop global.* connection string options changing config

CVE-2026-49980 (Nick Craig-Wood)

- build: Fix multiple CVEs by upgrading to go1.26.4 (Nick Craig-Wood)

- CVE-2026-42504: mime: quadratic complexity in

WordDecoder.DecodeHeader

- CVE-2026-42507: net/textproto: arbitrary input are included in

errors without any escaping

- CVE-2026-27145: crypto/x509: split candidate hostname only

once

- log: Fix wrong source file:line in JSON logs from release builds

(Nick Craig-Wood)

- mount2: Fix empty directory listings on re-read (Janne Beate Bakeng)

- serve s3: Fix multipart ListParts pagination returning wrong part

numbers (Nick Craig-Wood)

-...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service critical threat OpenSUSE rclone

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-199=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

rclone-1.74.3-bp157.2.9.1

- openSUSE Backports SLE-15-SP7 (noarch):

rclone-bash-completion-1.74.3-bp157.2.9.1

rclone-zsh-completion-1.74.3-bp157.2.9.1

References

https://www.suse.com/security/cve/CVE-2026-25680.html

https://www.suse.com/security/cve/CVE-2026-25681.html

https://www.suse.com/security/cve/CVE-2026-27136.html

https://www.suse.com/security/cve/CVE-2026-27145.html

https://www.suse.com/security/cve/CVE-2026-33809.html

https://www.suse.com/security/cve/CVE-2026-39821.html

https://www.suse.com/security/cve/CVE-2026-39824.html

https://www.suse.com/security/cve/CVE-2026-39827.html

https://www.suse.com/security/cve/CVE-2026-39828.html

https://www.suse.com/security/cve/CVE-2026-39829.html

https://www.suse.com/security/cve/CVE-2026-39830.html

https://www.suse.com/security/cve/CVE-2026-39831.html

https://www.suse.com/security/cve/CVE-2026-39832.html

https://www.suse.com/security/cve/CVE-2026-39833.html

https://www.suse.com/security/cve/CVE-2026-39834.html

https://www.suse.com/security/cve/CVE-2026-39835.html

https://www.suse.com/security/cve/CVE-2026-42500.html

https://www.suse.com/security/cve/CVE-2026-42502.html

https://www.suse.com/security/cve/CVE-2026-425...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0199-1
Rating: critical
Affected Products: openSUSE Backports SLE-15-SP7

Topics%20covered

Topics Covered

security advisory denial of service critical threat OpenSUSE rclone

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here