Описание
Security update for rmt-server
This update for rmt-server fixes the following issues:
Updated to version 2.13:
- CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency (bsc#1209507).
- CVE-2023-27530: Fixed a denial of service issue in multipart request parsing (bsc#1209096).
Non-security fixes:
- Fixed transactional update on GCE (bsc#1211398).
- Use HTTPS in rmt-client-setup-res (bsc#1209825).
- Various build fixes (bsc#1207670, bsc#1203171, bsc#1206593, bsc#1202053).
Список пакетов
SUSE Linux Enterprise Module for Public Cloud 15 SP4
rmt-server-pubcloud-2.13-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4
rmt-server-2.13-150400.3.12.1
rmt-server-config-2.13-150400.3.12.1
openSUSE Leap 15.4
rmt-server-2.13-150400.3.12.1
rmt-server-config-2.13-150400.3.12.1
rmt-server-pubcloud-2.13-150400.3.12.1
Ссылки
- Link for SUSE-SU-2023:2295-1
- E-Mail link for SUSE-SU-2023:2295-1
- SUSE Security Ratings
- SUSE Bug 1202053
- SUSE Bug 1203171
- SUSE Bug 1206593
- SUSE Bug 1207670
- SUSE Bug 1209096
- SUSE Bug 1209507
- SUSE Bug 1209825
- SUSE Bug 1211398
- SUSE CVE CVE-2023-27530 page
- SUSE CVE CVE-2023-28120 page
Описание
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 15 SP4:rmt-server-pubcloud-2.13-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rmt-server-2.13-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rmt-server-config-2.13-150400.3.12.1
openSUSE Leap 15.4:rmt-server-2.13-150400.3.12.1
Ссылки
- CVE-2023-27530
- SUSE Bug 1209095
Описание
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 15 SP4:rmt-server-pubcloud-2.13-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rmt-server-2.13-150400.3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP4:rmt-server-config-2.13-150400.3.12.1
openSUSE Leap 15.4:rmt-server-2.13-150400.3.12.1
Ссылки
- CVE-2023-28120
- SUSE Bug 1209505