SUSE-SU-2023:2781-1 -- SLES rmt-server
ID: oval:org.secpod.oval:def:89049049 | Date: (C)2023-07-18 (M)2024-01-29 |
Class: PATCH | Family: unix |
This update for rmt-server fixes the following issues:

Update to version 2.13:
* CVE-2023-28120: Fixed a possible XSS Security Vulnerability in bytesliced strings for html_safe.
* CVE-2023-27530: Fixed a DoS in multipart mime parsing.
* CVE-2022-31254: Fixed escalation vector bug from user _rmt to root in the packaging file.

Bug fixes:
* Handle X-Original-URI header, partial fix for
* Force rmt-client-setup-res script to use https
* Mark secrets.yml.key file as part of the rpm to allow seamless downgrades
* Adding -f to the file move command when moving the mirrored directory to its final location
* Fix %post install of pubcloud subpackage reload of nginx
* Skip warnings regarding nokogiri libxml version mismatch
* Add option to turn off system token support
* Do not retry to import non-existing files in air-gapped mode
Platform: |
SUSE Linux Enterprise Server 15 SP5 |