Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE Leap 16.0 rmt-server Important DoS Vulnern 2026-21225-1

opensuse
Calendar Grey July 4, 2026
Dist Opensuse Esm H88
Critical security update for openSUSE rmt-server resolves vulnerability with 11 additional bug fixes. Update recommended.
An update that solves one vulnerability and has 11 bug fixes can now be installed.

Description

This update for rmt-server fixes the following issue

Update to 3.0.0:

- CVE-2026-42256: net-imap: hostile server can perform a DoS on client authenticating a connection with SCRAM-SHA1 or

SCRAM-SHA2 (bsc#1265369).

Changes for rmt-server:

- Version 3.0.0

* Security fix: Remove unused ActionMailer/ActionMailbox components to

eliminate CVE-2026-42256 (bsc#1265369)

* Split Rails meta-gem into individual components for better security control

- Version 2.26

* Add support for processing, storing, and syncing system profiles (jsc#TEL-265)

- Version 2.25

* fix rmt-cli list and purge commands for large data (bsc#1253146 and bsc#1253147)

* Fix mirroring of SLE16 NVIDIA-GPU-Compute-Toolkit-CUDA repo (bsc#1256826)

* Support for new redirect_repo_hosts config, to exclude some repo hosts

from mirroring, and send clients directly there (jsc#SCC-452)

* rmt-server-pubcloud

* Clearer error message (bsc#1256883)

* Handle zypper response when data exporter raises an error (bsc#1257133)

...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

ansible-rmt-server-3.0.0-160000.1.1

rmt-server-3.0.0-160000.1.1

rmt-server-config-3.0.0-160000.1.1

rmt-server-pubcloud-3.0.0-160000.1.1

References

* bsc#1246976

* bsc#1248510

* bsc#1248869

* bsc#1251937

* bsc#1253146

* bsc#1253147

* bsc#1253953

* bsc#1256826

* bsc#1256883

* bsc#1257133

* bsc#1265369

References:

* https://www.suse.com/security/cve/CVE-2026-42256.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21225-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here