SUSE-SU-2026:1745-1

Description of the patch:

This update for rmt-server fixes the following issues:

Update to version 2.27.

Security issues fixed:

• CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass (bsc#1261398).
• CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to downstream header injection and response splitting(bsc#1261471).
• CVE-2026-34763: rack: unescaped regex interpolation of configured root path can lead to root directory disclosure (bsc#1261406).
• CVE-2026-34785: rack: prefix matching logic can lead to the exposure of unintended files under the static root (bsc#1261417).
• CVE-2026-34786: rack: URL-encoded path mismatch can lead to header_rules bypass (bsc#1261426).
• CVE-2026-34826: rack: missing individual byte range limit checks when parsing HTTP Range headers can lead to excessive resource consumption and a denial of service (bsc#1261436).
• CVE-2026-34829: rack: multipart parsing without Content-Length header can lead to unbounded chunked file uploads and a denial of service (bsc#1261447).
• CVE-2026-34230: rack: quadratic complexity when processing of wildcard Accept-Encoding headers can lead to a denial of service (bsc#1261388).
• CVE-2026-34830: rack: improper sanitization of the X-Accel-Mapping request header can lead to the exposure of unintended files via X-Accel-Redirect (bsc#1261458).
• CVE-2026-34831: rack: Content-Length header and body byte size mismatch when creating error responses can lead to incorrect HTTP response framing (bsc#1261466).

Other updates and bugfixes:

• Fix ReDoS in Addressable.
• Fix out-of-bounds read in rdiscount.