SUSE-SU-2019:0272-1

Опубликовано: 06 фев. 2019

Источник: suse-cvrf

Описание

Security update for rmt-server

This update for rmt-server to version 1.1.1 fixes the following issues:

The following issues have been fixed:

Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579)
Fixed listing of mirrored products (bsc#1102193)
Include online migration paths into offline migration (bsc#1117106)
Sync products that do not have a base product (bsc#1109307)
Fixed SLP auto discovery for RMT (bsc#1113760)

Update dependencies for security fixes:

CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969)
CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15

rmt-server-1.1.1-3.13.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20190272-1/
Link for SUSE-SU-2019:0272-1
https://lists.suse.com/pipermail/sle-security-updates/2019-February/005090.html
E-Mail link for SUSE-SU-2019:0272-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1102046
SUSE Bug 1102046
https://bugzilla.suse.com/1102193
SUSE Bug 1102193
https://bugzilla.suse.com/1109307
SUSE Bug 1109307
https://bugzilla.suse.com/1113760
SUSE Bug 1113760
https://bugzilla.suse.com/1113969
SUSE Bug 1113969
https://bugzilla.suse.com/1114831
SUSE Bug 1114831
https://bugzilla.suse.com/1117106
SUSE Bug 1117106
https://bugzilla.suse.com/1118579
SUSE Bug 1118579
https://bugzilla.suse.com/1118584
SUSE Bug 1118584
https://www.suse.com/security/cve/CVE-2018-14404/
SUSE CVE CVE-2018-14404 page
https://www.suse.com/security/cve/CVE-2018-16468/
SUSE CVE CVE-2018-16468 page
https://www.suse.com/security/cve/CVE-2018-16470/
SUSE CVE CVE-2018-16470 page

Описание

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15:rmt-server-1.1.1-3.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-14404.html
CVE-2018-14404
https://bugzilla.suse.com/1102046
SUSE Bug 1102046
https://bugzilla.suse.com/1148896
SUSE Bug 1148896

Описание

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15:rmt-server-1.1.1-3.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16468.html
CVE-2018-16468
https://bugzilla.suse.com/1113969
SUSE Bug 1113969

Описание

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15:rmt-server-1.1.1-3.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-16470.html
CVE-2018-16470
https://bugzilla.suse.com/1114831
SUSE Bug 1114831

SUSE-SU-2019:0272-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15

Ссылки

Уязвимость: CVE-2018-14404

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16468

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-16470

Описание

Затронутые продукты

Ссылки