This update for rmt-server fixes the following issue
Update to 3.0.0:
- CVE-2026-42256: net-imap: hostile server can perform a DoS on client authenticating a connection with SCRAM-SHA1 or
SCRAM-SHA2 (bsc#1265369).
Changes for rmt-server:
- Version 3.0.0
* Security fix: Remove unused ActionMailer/ActionMailbox components to
eliminate CVE-2026-42256 (bsc#1265369)
* Split Rails meta-gem into individual components for better security control
- Version 2.26
* Add support for processing, storing, and syncing system profiles (jsc#TEL-265)
- Version 2.25
* fix rmt-cli list and purge commands for large data (bsc#1253146 and bsc#1253147)
* Fix mirroring of SLE16 NVIDIA-GPU-Compute-Toolkit-CUDA repo (bsc#1256826)
* Support for new redirect_repo_hosts config, to exclude some repo hosts
from mirroring, and send clients directly there (jsc#SCC-452)
* rmt-server-pubcloud
* Clearer error message (bsc#1256883)
* Handle zypper response when data exporter raises an error (bsc#1257133)
...
Read the Full Advisory- openSUSE Leap 16.0:
ansible-rmt-server-3.0.0-160000.1.1
rmt-server-3.0.0-160000.1.1
rmt-server-config-3.0.0-160000.1.1
rmt-server-pubcloud-3.0.0-160000.1.1
* bsc#1246976
* bsc#1248510
* bsc#1248869
* bsc#1251937
* bsc#1253146
* bsc#1253147
* bsc#1253953
* bsc#1256826
* bsc#1256883
* bsc#1257133
* bsc#1265369
References:
* https://www.suse.com/security/cve/CVE-2026-42256.html
Get the latest Linux and open source security news straight to your inbox.