Security update for rmt-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2781-1 Final 1 1 2023-07-04T11:09:54Z current 2023-07-04T11:09:54Z 2023-07-04T11:09:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rmt-server This update for rmt-server fixes the following issues: Update to version 2.13: - CVE-2023-28120: Fixed a possible XSS Security Vulnerability in bytesliced strings for html_safe (bsc#1209507). - CVE-2023-27530: Fixed a DoS in multipart mime parsing (bsc#1209096). - CVE-2022-31254: Fixed escalation vector bug from user _rmt to root in the packaging file (bsc#1204285). Bug fixes: - Handle X-Original-URI header, partial fix for (bsc#1211398) - Force rmt-client-setup-res script to use https (bsc#1209825) - Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670) - Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171) - Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593) - Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053) - Add option to turn off system token support (bsc#1205089) - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/rmt-server:latest-2023-2781,SUSE-2023-2781,SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2781,SUSE-SLE-Module-Server-Applications-15-SP5-2023-2781,openSUSE-SLE-15.5-2023-2781 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232781-1/ Link for SUSE-SU-2023:2781-1 https://lists.suse.com/pipermail/sle-updates/2023-July/030186.html E-Mail link for SUSE-SU-2023:2781-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202053 SUSE Bug 1202053 https://bugzilla.suse.com/1203171 SUSE Bug 1203171 https://bugzilla.suse.com/1204285 SUSE Bug 1204285 https://bugzilla.suse.com/1204769 SUSE Bug 1204769 https://bugzilla.suse.com/1205089 SUSE Bug 1205089 https://bugzilla.suse.com/1206593 SUSE Bug 1206593 https://bugzilla.suse.com/1207670 SUSE Bug 1207670 https://bugzilla.suse.com/1209096 SUSE Bug 1209096 https://bugzilla.suse.com/1209507 SUSE Bug 1209507 https://bugzilla.suse.com/1209825 SUSE Bug 1209825 https://bugzilla.suse.com/1211398 SUSE Bug 1211398 https://www.suse.com/security/cve/CVE-2022-31254/ SUSE CVE CVE-2022-31254 page https://www.suse.com/security/cve/CVE-2023-27530/ SUSE CVE CVE-2023-27530 page https://www.suse.com/security/cve/CVE-2023-28120/ SUSE CVE CVE-2023-28120 page Container suse/rmt-server:latest SUSE Linux Enterprise Module for Public Cloud 15 SP5 SUSE Linux Enterprise Module for Server Applications 15 SP5 openSUSE Leap 15.5 rmt-server-2.13-150500.3.3.1 rmt-server-config-2.13-150500.3.3.1 rmt-server-pubcloud-2.13-150500.3.3.1 rmt-server-2.13-150500.3.3.1 as a component of Container suse/rmt-server:latest rmt-server-config-2.13-150500.3.3.1 as a component of Container suse/rmt-server:latest rmt-server-pubcloud-2.13-150500.3.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP5 rmt-server-2.13-150500.3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 rmt-server-config-2.13-150500.3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 rmt-server-2.13-150500.3.3.1 as a component of openSUSE Leap 15.5 rmt-server-config-2.13-150500.3.3.1 as a component of openSUSE Leap 15.5 rmt-server-pubcloud-2.13-150500.3.3.1 as a component of openSUSE Leap 15.5 A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. CVE-2022-31254 Container suse/rmt-server:latest:rmt-server-2.13-150500.3.3.1 Container suse/rmt-server:latest:rmt-server-config-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:rmt-server-pubcloud-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-pubcloud-2.13-150500.3.3.1 important 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232781-1/ https://www.suse.com/security/cve/CVE-2022-31254.html CVE-2022-31254 https://bugzilla.suse.com/1204285 SUSE Bug 1204285 https://bugzilla.suse.com/1207670 SUSE Bug 1207670 A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. CVE-2023-27530 Container suse/rmt-server:latest:rmt-server-2.13-150500.3.3.1 Container suse/rmt-server:latest:rmt-server-config-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:rmt-server-pubcloud-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-pubcloud-2.13-150500.3.3.1 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232781-1/ https://www.suse.com/security/cve/CVE-2023-27530.html CVE-2023-27530 https://bugzilla.suse.com/1209095 SUSE Bug 1209095 There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. CVE-2023-28120 Container suse/rmt-server:latest:rmt-server-2.13-150500.3.3.1 Container suse/rmt-server:latest:rmt-server-config-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP5:rmt-server-pubcloud-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-2.13-150500.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-config-2.13-150500.3.3.1 openSUSE Leap 15.5:rmt-server-pubcloud-2.13-150500.3.3.1 moderate 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232781-1/ https://www.suse.com/security/cve/CVE-2023-28120.html CVE-2023-28120 https://bugzilla.suse.com/1209505 SUSE Bug 1209505