Описание
Security update for rmt-server
This update for rmt-server to version 2.5.7 fixes the following issues:
Security issues fixed:
- CVE-2019-18904: Fixed offline migrations (bsc#1160922).
- Fixed a local denial of service (bsc#1165548).
Non-security issues fixed:
- Align supported subscription types with SCC (bsc#1168554).
- Fix migrations in case adding migration_extra column failed (bsc#1162296).
- Fix dependency to removed boot_cli_i18n file (bsc#1136020)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
Ссылки
- Link for SUSE-SU-2020:1179-1
- E-Mail link for SUSE-SU-2020:1179-1
- SUSE Security Ratings
- SUSE Bug 1136020
- SUSE Bug 1160922
- SUSE Bug 1162296
- SUSE Bug 1165548
- SUSE Bug 1168554
- SUSE CVE CVE-2019-18904 page
Описание
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
Затронутые продукты
Ссылки
- CVE-2019-18904
- SUSE Bug 1160922