Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP5:Update
patchinfo.29650
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.29650
<patchinfo incident="29650"> <issue tracker="bnc" id="1204769">RMT Mirror Warning product.license/directory.yast - File does not exist and Error while mirroring packages</issue> <issue tracker="bnc" id="1211398">smt-gce.susecloud.net is denied for SLEM 5.4 repository on GCE instance after some time</issue> <issue tracker="bnc" id="1204285">VUL-0: CVE-2022-31254: rmt-server: rmt-server-pubcloud allows to escalate from user _rmt to root</issue> <issue tracker="bnc" id="1203171">Mirroring RHEL channels results in Error while moving directory read-only file system</issue> <issue tracker="bnc" id="1209507">VUL-0: CVE-2023-28120: rmt-server: rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice</issue> <issue tracker="bnc" id="1209096">VUL-0: CVE-2023-27530: rmt-server: rubygem-rack: Denial of service in Multipart MIME parsing</issue> <issue tracker="bnc" id="1205089">RMT 2.9 breaks cloud client system registration</issue> <issue tracker="bnc" id="1207670">rmt: wrong permissions on /usr/share/rmt/config/secrets.yml.key after package installation 2.10 works with 2.9</issue> <issue tracker="bnc" id="1202053">Nokogiri was built against LibXML version 2.9.12, but has dynamically loaded 2.9.14</issue> <issue tracker="bnc" id="1206593">[Build :27148:rmt-server] openQA test fails in update_install - posttrans script failed, nginx.service not active, cannot reload</issue> <issue tracker="bnc" id="1209825">rmt-client-setup-res forces use of HTTP (without S)</issue> <issue tracker="cve" id="2022-31254"/> <issue tracker="cve" id="2023-28120"/> <issue tracker="cve" id="2023-27530"/> <packager>digitaltomm</packager> <rating>important</rating> <category>security</category> <summary>Security update for rmt-server</summary> <description>This update for rmt-server fixes the following issues: Update to version 2.13: - CVE-2023-28120: Fixed a possible XSS Security Vulnerability in bytesliced strings for html_safe (bsc#1209507). - CVE-2023-27530: Fixed a DoS in multipart mime parsing (bsc#1209096). - CVE-2022-31254: Fixed escalation vector bug from user _rmt to root in the packaging file (bsc#1204285). Bug fixes: - Handle X-Original-URI header, partial fix for (bsc#1211398) - Force rmt-client-setup-res script to use https (bsc#1209825) - Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670) - Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171) - Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593) - Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053) - Add option to turn off system token support (bsc#1205089) - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
