Описание
Security update for rmt-server
This update for rmt-server fixes the following issues:
Update to version 2.10:
- Add option to turn off system token support (bsc#1205089)
- Update the
last_seen_atcolumn on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).
Список пакетов
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise Module for Public Cloud 15 SP2
SUSE Linux Enterprise Server 15 SP2-BCL
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
Ссылки
- Link for SUSE-SU-2023:0023-1
- E-Mail link for SUSE-SU-2023:0023-1
- SUSE Security Ratings
- SUSE Bug 1204285
- SUSE Bug 1204769
- SUSE Bug 1205089
- SUSE CVE CVE-2022-31254 page
Описание
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10.
Затронутые продукты
Ссылки
- CVE-2022-31254
- SUSE Bug 1204285
- SUSE Bug 1207670