SUSE-SU-2023:0023-1

Details

This update for rmt-server fixes the following issues:

Update to version 2.10:

Add option to turn off system token support (bsc#1205089)
Update the last_seen_at column on zypper service refresh
Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).

Affected Packages

rmt-server

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Module for Public Cloud 15 SP2SUSE Linux Enterprise Server 15 SP2-BCLSUSE Linux Enterprise Server 15 SP2-LTSS

Fixed in:

2.10-150200.3.29.1

rmt-server-config

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Server 15 SP2-BCLSUSE Linux Enterprise Server 15 SP2-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP2

Fixed in:

2.10-150200.3.29.1

rmt-server-pubcloud

SUSE Linux Enterprise Module for Public Cloud 15 SP2

Fixed in:

2.10-150200.3.29.1

References

REPORT

https://bugzilla.suse.com/1204285

REPORT

https://bugzilla.suse.com/1204769

REPORT

https://bugzilla.suse.com/1205089

WEB

https://www.suse.com/security/cve/CVE-2022-31254

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20230023-1/