Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

SUSE Linux Enterprise 15-SP2: 2020:3036-1 Important: Rmt-Server Update

suse
Calendar Grey October 26, 2020
Dist Suse Esm H88
Important release for rmt-server addressing 16 security flaws, complete with comprehensive update guidelines provided.
An update that fixes 16 vulnerabilities is now available

Summary

This update for rmt-server fixes the following issues: Update to version 2.6.5: - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp

References

#1165548 #1168554 #1172177 #1172182 #1172184

#1172186 #1173351

Cross- CVE-2019-16770 CVE-2019-5418 CVE-2019-5419

CVE-2019-5420 CVE-2020-11076 CVE-2020-11077

CVE-2020-15169 CVE-2020-5247 CVE-2020-5249

CVE-2020-5267 CVE-2020-8164 CVE-2020-8165

CVE-2020-8166 CVE-2020-8167 CVE-2020-8184

CVE-2020-8185

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP2

SUSE Linux Enterprise Module for Public Cloud 15-SP2

https://www.suse.com/security/cve/CVE-2019-16770.html

https://www.suse.com/security/cve/CVE-2019-5418.html

https://www.suse.com/security/cve/CVE-2019-5419.html

https://www.suse.com/security/cve/CVE-2019-5420.html

https://www.suse.com/security/cve/CVE-2020-11076.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:3036-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.