exploitDog

SUSE-SU-2020:0260-1

Опубликовано: 30 янв. 2020

Источник: suse-cvrf

Описание

Security update for rmt-server

This update for rmt-server to version 2.5.2 fixes the following issues:

Security issue fixed:

CVE-2019-18904: Fixed a denial of service in the offline migration (bsc#1160922).

Non-security issue fixed:

Relaxed systemd units dependencies (bsc#1160673)
Added more verbose error reporting for SCC API errors (bsc#1157119)
Fixed system listing when architecture is not well referenced (bsc#1141122)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15-ESPOS

rmt-server-2.5.2-3.26.1

rmt-server-config-2.5.2-3.26.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

rmt-server-2.5.2-3.26.1

rmt-server-config-2.5.2-3.26.1

SUSE Linux Enterprise Module for Server Applications 15

rmt-server-2.5.2-3.26.1

rmt-server-config-2.5.2-3.26.1

SUSE Linux Enterprise Server 15-LTSS

rmt-server-2.5.2-3.26.1

rmt-server-config-2.5.2-3.26.1

SUSE Linux Enterprise Server for SAP Applications 15

rmt-server-2.5.2-3.26.1

rmt-server-config-2.5.2-3.26.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200260-1/
Link for SUSE-SU-2020:0260-1
https://lists.suse.com/pipermail/sle-security-updates/2020-January/006412.html
E-Mail link for SUSE-SU-2020:0260-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1141122
SUSE Bug 1141122
https://bugzilla.suse.com/1157119
SUSE Bug 1157119
https://bugzilla.suse.com/1160673
SUSE Bug 1160673
https://bugzilla.suse.com/1160922
SUSE Bug 1160922
https://www.suse.com/security/cve/CVE-2019-18904/
SUSE CVE CVE-2019-18904 page

Описание

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15-ESPOS:rmt-server-2.5.2-3.26.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS:rmt-server-config-2.5.2-3.26.1

SUSE Linux Enterprise High Performance Computing 15-LTSS:rmt-server-2.5.2-3.26.1

SUSE Linux Enterprise High Performance Computing 15-LTSS:rmt-server-config-2.5.2-3.26.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-18904.html
CVE-2019-18904
https://bugzilla.suse.com/1160922
SUSE Bug 1160922