Описание
Security update for rmt-server
This update for rmt-server fixes the following issues:
Updated to version 2.13:
- CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507).
- CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096).
Non-security fixes:
- Fixed transactional update on GCE (bsc#1211398).
- Use HTTPS in rmt-client-setup-res (bsc#1209825).
- Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053).
Список пакетов
SUSE Enterprise Storage 7
rmt-server-2.13-150200.3.32.1
rmt-server-config-2.13-150200.3.32.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
rmt-server-2.13-150200.3.32.1
rmt-server-config-2.13-150200.3.32.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
rmt-server-pubcloud-2.13-150200.3.32.1
SUSE Linux Enterprise Server 15 SP2-LTSS
rmt-server-2.13-150200.3.32.1
rmt-server-config-2.13-150200.3.32.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
rmt-server-2.13-150200.3.32.1
rmt-server-config-2.13-150200.3.32.1
Ссылки
- Link for SUSE-SU-2023:2294-1
- E-Mail link for SUSE-SU-2023:2294-1
- SUSE Security Ratings
- SUSE Bug 1202053
- SUSE Bug 1203171
- SUSE Bug 1206593
- SUSE Bug 1207670
- SUSE Bug 1209096
- SUSE Bug 1209507
- SUSE Bug 1209825
- SUSE Bug 1211398
- SUSE CVE CVE-2023-27530 page
- SUSE CVE CVE-2023-28120 page
Описание
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
Затронутые продукты
SUSE Enterprise Storage 7:rmt-server-2.13-150200.3.32.1
SUSE Enterprise Storage 7:rmt-server-config-2.13-150200.3.32.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:rmt-server-2.13-150200.3.32.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:rmt-server-config-2.13-150200.3.32.1
Ссылки
- CVE-2023-27530
- SUSE Bug 1209095
Описание
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Затронутые продукты
SUSE Enterprise Storage 7:rmt-server-2.13-150200.3.32.1
SUSE Enterprise Storage 7:rmt-server-config-2.13-150200.3.32.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:rmt-server-2.13-150200.3.32.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:rmt-server-config-2.13-150200.3.32.1
Ссылки
- CVE-2023-28120
- SUSE Bug 1209505