Description
Security update for rmt-server
This update for rmt-server fixes the following issues:
Update to version 2.10:
- Add option to turn off system token support (bsc#1205089)
- Update the last_seen_at column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Module for Public Cloud 15 SP3
SUSE Linux Enterprise Module for Server Applications 15 SP3
SUSE Linux Enterprise Real Time 15 SP3
SUSE Linux Enterprise Server 15 SP3-BCL
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
References
- Link for SUSE-SU-2023:0020-1
- E-Mail link for SUSE-SU-2023:0020-1
- SUSE Security Ratings
- SUSE Bug 1204285
- SUSE Bug 1204769
- SUSE Bug 1205089
- SUSE CVE CVE-2022-31254 page
Description
An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
Affected products
References
- CVE-2022-31254
- SUSE Bug 1204285
- SUSE Bug 1207670