Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:0185-1

Опубликовано: 23 мар. 2019
Источник: suse-cvrf

Описание

Security update for rmt-server

This update for rmt-server to version 1.1.1 fixes the following issues:

The following issues have been fixed:

  • Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579)
  • Fixed listing of mirrored products (bsc#1102193)
  • Include online migration paths into offline migration (bsc#1117106)
  • Sync products that do not have a base product (bsc#1109307)
  • Fixed SLP auto discovery for RMT (bsc#1113760)

Update dependencies for security fixes:

  • CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969)
  • CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
  • CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
rmt-server-1.1.1-lp150.2.12.1
rmt-server-pubcloud-1.1.1-lp150.2.12.1

Ссылки

Описание

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Затронутые продукты
openSUSE Leap 15.0:rmt-server-1.1.1-lp150.2.12.1
openSUSE Leap 15.0:rmt-server-pubcloud-1.1.1-lp150.2.12.1
Ссылки

Описание

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Затронутые продукты
openSUSE Leap 15.0:rmt-server-1.1.1-lp150.2.12.1
openSUSE Leap 15.0:rmt-server-pubcloud-1.1.1-lp150.2.12.1
Ссылки

Описание

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

Затронутые продукты
openSUSE Leap 15.0:rmt-server-1.1.1-lp150.2.12.1
openSUSE Leap 15.0:rmt-server-pubcloud-1.1.1-lp150.2.12.1
Ссылки