SUSE-SU-2025:02329-1

Details

This update for rmt-server fixes the following issues:

Update to version 2.23
CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. (bsc#1242893)
CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. (bsc#1242898)

Affected Packages

rmt-server

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Module for Public Cloud 15 SP4SUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

2.23-150400.3.42.1

rmt-server-config

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4SUSE Manager Proxy 4.3

Fixed in:

2.23-150400.3.42.1

rmt-server-pubcloud

SUSE Linux Enterprise Module for Public Cloud 15 SP4

Fixed in:

2.23-150400.3.42.1

References

REPORT

https://bugzilla.suse.com/1236600

REPORT

https://bugzilla.suse.com/1236816

REPORT