openSUSE-SU-2020:0235-1

Опубликовано: 19 фев. 2020

Источник: suse-cvrf

Описание

Security update for rmt-server

This update for rmt-server to version 2.5.2 fixes the following issues:

Security issue fixed:

CVE-2019-18904: Fixed a denial of service in the offline migration (bsc#1160922).

Non-security issue fixed:

Relaxed systemd units dependencies (bsc#1160673)
Added more verbose error reporting for SCC API errors (bsc#1157119)
Fixed system listing when architecture is not well referenced (bsc#1141122)

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

rmt-server-2.5.2-lp151.2.9.1

rmt-server-config-2.5.2-lp151.2.9.1

rmt-server-pubcloud-2.5.2-lp151.2.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NDQBJNFWANV6TSPQYO64RQJGFMEBCGWR/
E-Mail link for openSUSE-SU-2020:0235-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1141122
SUSE Bug 1141122
https://bugzilla.suse.com/1157119
SUSE Bug 1157119
https://bugzilla.suse.com/1160673
SUSE Bug 1160673
https://bugzilla.suse.com/1160922
SUSE Bug 1160922
https://www.suse.com/security/cve/CVE-2019-18904/
SUSE CVE CVE-2019-18904 page

Описание

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.

Затронутые продукты

openSUSE Leap 15.1:rmt-server-2.5.2-lp151.2.9.1

openSUSE Leap 15.1:rmt-server-config-2.5.2-lp151.2.9.1

openSUSE Leap 15.1:rmt-server-pubcloud-2.5.2-lp151.2.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-18904.html
CVE-2019-18904
https://bugzilla.suse.com/1160922
SUSE Bug 1160922

openSUSE-SU-2020:0235-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-18904

Описание

Затронутые продукты

Ссылки