| Revision Date: | 2020-12-01 | Version: | 1 |
| Title: | Security update for rmt-server (Important) |
| Description: |
This update for rmt-server fixes the following issues:
Update to version 2.6.5: - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps. - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail. - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits: * `rmt-cli mirror repositories` now works for custom repositories. * Custom repository IDs can be the same across RMT instances. * No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output. Deprecation Warnings: * RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility. - Updated rails and puma dependencies for security fixes.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1001951
1021315
1022263
1022264
1022265
1022283
1022284
1022553
1094420
1165548
1168554
1172177
1172182
1172184
1172186
1173351
912460
929414
931978
961491
982779
CVE-2007-5970
CVE-2008-1686
CVE-2008-7247
CVE-2009-1886
CVE-2009-1888
CVE-2009-2813
CVE-2009-2906
CVE-2009-2948
CVE-2009-3627
CVE-2009-4019
CVE-2009-4028
CVE-2009-4030
CVE-2010-0547
CVE-2010-0728
CVE-2010-0787
CVE-2010-0926
CVE-2010-1635
CVE-2010-1642
CVE-2010-2063
CVE-2010-3069
CVE-2010-5298
CVE-2011-0719
CVE-2011-1831
CVE-2011-1832
CVE-2011-1833
CVE-2011-1834
CVE-2011-1835
CVE-2011-1836
CVE-2011-1837
CVE-2011-2522
CVE-2011-2694
CVE-2012-0817
CVE-2012-0870
CVE-2012-1182
CVE-2012-2111
CVE-2012-5615
CVE-2012-6150
CVE-2013-0157
CVE-2013-0172
CVE-2013-0213
CVE-2013-0214
CVE-2013-0454
CVE-2013-1863
CVE-2013-1976
CVE-2013-4124
CVE-2013-4408
CVE-2013-4475
CVE-2013-4476
CVE-2013-4496
CVE-2013-5653
CVE-2013-6442
CVE-2014-0178
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-0239
CVE-2014-0244
CVE-2014-2494
CVE-2014-3470
CVE-2014-3493
CVE-2014-3560
CVE-2014-4207
CVE-2014-4258
CVE-2014-4260
CVE-2014-4274
CVE-2014-4287
CVE-2014-5044
CVE-2014-6463
CVE-2014-6464
CVE-2014-6469
CVE-2014-6474
CVE-2014-6478
CVE-2014-6484
CVE-2014-6489
CVE-2014-6491
CVE-2014-6494
CVE-2014-6495
CVE-2014-6496
CVE-2014-6500
CVE-2014-6505
CVE-2014-6507
CVE-2014-6520
CVE-2014-6530
CVE-2014-6551
CVE-2014-6555
CVE-2014-6559
CVE-2014-6564
CVE-2014-6568
CVE-2014-8143
CVE-2014-8964
CVE-2014-9114
CVE-2014-9638
CVE-2014-9639
CVE-2014-9640
CVE-2014-9687
CVE-2014-9721
CVE-2015-0240
CVE-2015-0374
CVE-2015-0381
CVE-2015-0382
CVE-2015-0391
CVE-2015-0411
CVE-2015-0432
CVE-2015-0433
CVE-2015-0441
CVE-2015-0499
CVE-2015-0501
CVE-2015-0505
CVE-2015-2325
CVE-2015-2326
CVE-2015-2568
CVE-2015-2571
CVE-2015-2573
CVE-2015-3152
CVE-2015-3223
CVE-2015-3622
CVE-2015-4792
CVE-2015-4802
CVE-2015-4807
CVE-2015-4815
CVE-2015-4826
CVE-2015-4830
CVE-2015-4836
CVE-2015-4858
CVE-2015-4861
CVE-2015-4870
CVE-2015-4913
CVE-2015-5218
CVE-2015-5252
CVE-2015-5276
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-5370
CVE-2015-5969
CVE-2015-6749
CVE-2015-7560
CVE-2015-8467
CVE-2015-8543
CVE-2016-0505
CVE-2016-0546
CVE-2016-0596
CVE-2016-0597
CVE-2016-0598
CVE-2016-0600
CVE-2016-0606
CVE-2016-0608
CVE-2016-0609
CVE-2016-0616
CVE-2016-0640
CVE-2016-0641
CVE-2016-0642
CVE-2016-0643
CVE-2016-0644
CVE-2016-0646
CVE-2016-0647
CVE-2016-0648
CVE-2016-0649
CVE-2016-0650
CVE-2016-0651
CVE-2016-0655
CVE-2016-0666
CVE-2016-0668
CVE-2016-0771
CVE-2016-10164
CVE-2016-10166
CVE-2016-10167
CVE-2016-10168
CVE-2016-1572
CVE-2016-2047
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2115
CVE-2016-2118
CVE-2016-2119
CVE-2016-3477
CVE-2016-3521
CVE-2016-3615
CVE-2016-4008
CVE-2016-5011
CVE-2016-5104
CVE-2016-5440
CVE-2016-6662
CVE-2016-6906
CVE-2016-6912
CVE-2016-7978
CVE-2016-7979
CVE-2016-9317
CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9807
CVE-2016-9808
CVE-2016-9810
CVE-2017-2616
CVE-2019-16770
CVE-2019-5418
CVE-2019-5419
CVE-2019-5420
CVE-2020-11076
CVE-2020-11077
CVE-2020-15169
CVE-2020-5247
CVE-2020-5249
CVE-2020-5267
CVE-2020-8164
CVE-2020-8165
CVE-2020-8166
CVE-2020-8167
CVE-2020-8184
CVE-2020-8185
SUSE-SU-2015:1510-1
SUSE-SU-2016:1601-1
SUSE-SU-2016:2492-1
SUSE-SU-2017:0467-1
SUSE-SU-2017:0468-1
SUSE-SU-2018:1952-1
SUSE-SU-2020:3036-1
|
| Platform(s): | openSUSE Leap 15.0
openSUSE Leap 15.1
openSUSE Leap 15.1 NonFree
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Public Cloud 15 SP2
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 15.0 is installed AND Package Information
curl-7.59.0-lp150.1 is installed
OR libcurl4-7.59.0-lp150.1 is installed
OR libcurl4-32bit-7.59.0-lp150.1 is installed
|
| Definition Synopsis |
| openSUSE Leap 15.1 is installed
AND Package Information
nfs-client-2.1.1-lp151.7.3 is installed
OR nfs-doc-2.1.1-lp151.7.3 is installed
OR nfs-kernel-server-2.1.1-lp151.7.3 is installed
OR nfs-utils-2.1.1-lp151.7.3 is installed
|
| Definition Synopsis |
| openSUSE Leap 15.1 NonFree is installed
AND opera-63.0.3368.66-lp151.2.6 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP2 is installed
AND Package Information
libxslt-1.1.24-19.23 is installed
OR libxslt-32bit-1.1.24-19.23 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
glibc-2.11.3-17.95 is installed
OR glibc-32bit-2.11.3-17.95 is installed
OR glibc-devel-2.11.3-17.95 is installed
OR glibc-devel-32bit-2.11.3-17.95 is installed
OR glibc-i18ndata-2.11.3-17.95 is installed
OR glibc-locale-2.11.3-17.95 is installed
OR glibc-locale-32bit-2.11.3-17.95 is installed
OR nscd-2.11.3-17.95 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
glibc-2.11.3-17.95 is installed
OR glibc-32bit-2.11.3-17.95 is installed
OR glibc-devel-2.11.3-17.95 is installed
OR glibc-devel-32bit-2.11.3-17.95 is installed
OR glibc-i18ndata-2.11.3-17.95 is installed
OR glibc-locale-2.11.3-17.95 is installed
OR glibc-locale-32bit-2.11.3-17.95 is installed
OR nscd-2.11.3-17.95 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
libzmq3-4.0.4-13 is installed
OR zeromq-4.0.4-13 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
ghostscript-9.15-11 is installed
OR ghostscript-x11-9.15-11 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
ecryptfs-utils-103-7 is installed
OR ecryptfs-utils-32bit-103-7 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
cpp48-4.8.5-30 is installed
OR gcc48-4.8.5-30 is installed
OR gcc48-32bit-4.8.5-30 is installed
OR gcc48-c++-4.8.5-30 is installed
OR gcc48-gij-4.8.5-30 is installed
OR gcc48-gij-32bit-4.8.5-30 is installed
OR gcc48-info-4.8.5-30 is installed
OR libasan0-4.8.5-30 is installed
OR libasan0-32bit-4.8.5-30 is installed
OR libgcj48-4.8.5-30 is installed
OR libgcj48-32bit-4.8.5-30 is installed
OR libgcj48-jar-4.8.5-30 is installed
OR libgcj_bc1-4.8.5-30 is installed
OR libstdc++48-devel-4.8.5-30 is installed
OR libstdc++48-devel-32bit-4.8.5-30 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 SP4 is installed
AND Package Information
gstreamer-0_10-plugins-good-0.10.31-16 is installed
OR gstreamer-0_10-plugins-good-lang-0.10.31-16 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed
AND Package Information
rmt-server-2.6.5-3.3 is installed
OR rmt-server-pubcloud-2.6.5-3.3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Server Applications 15 is installed
AND Package Information
dpdk-17.11.2-3.2 is installed
OR dpdk-devel-17.11.2-3.2 is installed
OR dpdk-kmp-default-17.11.2_k4.12.14_23-3.2 is installed
OR dpdk-thunderx-17.11.2-3.2 is installed
OR dpdk-thunderx-devel-17.11.2-3.2 is installed
OR dpdk-thunderx-kmp-default-17.11.2_k4.12.14_23-3.2 is installed
OR dpdk-tools-17.11.2-3.2 is installed
OR libdpdk-17_11-0-17.11.2-3.2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
libjpeg-turbo-1.3.1-30 is installed
OR libjpeg62-62.1.0-30 is installed
OR libjpeg62-32bit-62.1.0-30 is installed
OR libjpeg62-turbo-1.3.1-30 is installed
OR libjpeg8-8.0.2-30 is installed
OR libjpeg8-32bit-8.0.2-30 is installed
OR libturbojpeg0-8.0.2-30 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
kernel-default-3.12.74-60.64.63 is installed
OR kernel-default-base-3.12.74-60.64.63 is installed
OR kernel-default-devel-3.12.74-60.64.63 is installed
OR kernel-default-man-3.12.74-60.64.63 is installed
OR kernel-devel-3.12.74-60.64.63 is installed
OR kernel-macros-3.12.74-60.64.63 is installed
OR kernel-source-3.12.74-60.64.63 is installed
OR kernel-syms-3.12.74-60.64.63 is installed
OR kernel-xen-3.12.74-60.64.63 is installed
OR kernel-xen-base-3.12.74-60.64.63 is installed
OR kernel-xen-devel-3.12.74-60.64.63 is installed
OR kgraft-patch-3_12_74-60_64_63-default-1-2 is installed
OR kgraft-patch-3_12_74-60_64_63-xen-1-2 is installed
OR kgraft-patch-SLE12-SP1_Update_22-1-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.111-33 is installed
OR java-1_7_0-openjdk-demo-1.7.0.111-33 is installed
OR java-1_7_0-openjdk-devel-1.7.0.111-33 is installed
OR java-1_7_0-openjdk-headless-1.7.0.111-33 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
gpg2-2.0.24-9.3 is installed
OR gpg2-lang-2.0.24-9.3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND Package Information
java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
java-1_8_0-openjdk-1.8.0.171-27.19 is installed
OR java-1_8_0-openjdk-demo-1.8.0.171-27.19 is installed
OR java-1_8_0-openjdk-devel-1.8.0.171-27.19 is installed
OR java-1_8_0-openjdk-headless-1.8.0.171-27.19 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3 is installed
AND libmodplug1-0.8.8.4-13 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-BCL is installed
AND Package Information
MozillaFirefox-68.2.0-109.95 is installed
OR MozillaFirefox-translations-common-68.2.0-109.95 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
libecpg6-10.9-1.12 is installed
OR libpq5-10.9-1.12 is installed
OR libpq5-32bit-10.9-1.12 is installed
OR postgresql10-10.9-1.12 is installed
OR postgresql10-contrib-10.9-1.12 is installed
OR postgresql10-docs-10.9-1.12 is installed
OR postgresql10-libs-10.9-1.12 is installed
OR postgresql10-plperl-10.9-1.12 is installed
OR postgresql10-plpython-10.9-1.12 is installed
OR postgresql10-pltcl-10.9-1.12 is installed
OR postgresql10-server-10.9-1.12 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_175-94_79-default-5-2 is installed
OR kgraft-patch-SLE12-SP3_Update_23-5-2 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND Package Information
hostinfo-1.0.1-19.5 is installed
OR supportutils-3.0-95.21 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
e2fsprogs-1.43.8-1 is installed
OR libcom_err2-1.43.8-1 is installed
OR libcom_err2-32bit-1.43.8-1 is installed
OR libext2fs2-1.43.8-1 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 6 is installed
AND Package Information
python-paramiko-1.15.2-2.3 is installed
OR python-pycrypto-2.6.1-10.3 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 7 is installed
AND Package Information
openstack-nova-14.0.10~dev13-4.11 is installed
OR openstack-nova-api-14.0.10~dev13-4.11 is installed
OR openstack-nova-cells-14.0.10~dev13-4.11 is installed
OR openstack-nova-cert-14.0.10~dev13-4.11 is installed
OR openstack-nova-compute-14.0.10~dev13-4.11 is installed
OR openstack-nova-conductor-14.0.10~dev13-4.11 is installed
OR openstack-nova-console-14.0.10~dev13-4.11 is installed
OR openstack-nova-consoleauth-14.0.10~dev13-4.11 is installed
OR openstack-nova-doc-14.0.10~dev13-4.11 is installed
OR openstack-nova-novncproxy-14.0.10~dev13-4.11 is installed
OR openstack-nova-placement-api-14.0.10~dev13-4.11 is installed
OR openstack-nova-scheduler-14.0.10~dev13-4.11 is installed
OR openstack-nova-serialproxy-14.0.10~dev13-4.11 is installed
OR openstack-nova-vncproxy-14.0.10~dev13-4.11 is installed
OR python-nova-14.0.10~dev13-4.11 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud 8 is installed
AND Package Information
perl-5.18.2-12.20 is installed
OR perl-32bit-5.18.2-12.20 is installed
OR perl-base-5.18.2-12.20 is installed
OR perl-doc-5.18.2-12.20 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
ruby2.1-rubygem-loofah-2.0.2-3.8 is installed
OR rubygem-loofah-2.0.2-3.8 is installed
|
| Definition Synopsis |
| SUSE OpenStack Cloud Crowbar 9 is installed
AND python-Twisted-15.2.1-9.5 is installed
|