rmt-server-2.12-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12886 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z rmt-server-2.12-1.1 on GA media These are all security issues fixed in the rmt-server-2.12-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12886 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12886 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-31254/ SUSE CVE CVE-2022-31254 page https://www.suse.com/security/cve/CVE-2023-27530/ SUSE CVE CVE-2023-27530 page https://www.suse.com/security/cve/CVE-2023-28120/ SUSE CVE CVE-2023-28120 page openSUSE Tumbleweed rmt-server-2.12-1.1 rmt-server-config-2.12-1.1 rmt-server-pubcloud-2.12-1.1 rmt-server-2.12-1.1 as a component of openSUSE Tumbleweed rmt-server-config-2.12-1.1 as a component of openSUSE Tumbleweed rmt-server-pubcloud-2.12-1.1 as a component of openSUSE Tumbleweed A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. CVE-2022-31254 openSUSE Tumbleweed:rmt-server-2.12-1.1 openSUSE Tumbleweed:rmt-server-config-2.12-1.1 openSUSE Tumbleweed:rmt-server-pubcloud-2.12-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-31254.html CVE-2022-31254 https://bugzilla.suse.com/1204285 SUSE Bug 1204285 https://bugzilla.suse.com/1207670 SUSE Bug 1207670 A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. CVE-2023-27530 openSUSE Tumbleweed:rmt-server-2.12-1.1 openSUSE Tumbleweed:rmt-server-config-2.12-1.1 openSUSE Tumbleweed:rmt-server-pubcloud-2.12-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-27530.html CVE-2023-27530 https://bugzilla.suse.com/1209095 SUSE Bug 1209095 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-28120 openSUSE Tumbleweed:rmt-server-2.12-1.1 openSUSE Tumbleweed:rmt-server-config-2.12-1.1 openSUSE Tumbleweed:rmt-server-pubcloud-2.12-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-28120.html CVE-2023-28120 https://bugzilla.suse.com/1209505 SUSE Bug 1209505