Security update for rmt-server
This update for rmt-server to version 1.1.1 fixes the following issues:
The following issues have been fixed:
- Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579)
- Fixed listing of mirrored products (bsc#1102193)
- Include online migration paths into offline migration (bsc#1117106)
- Sync products that do not have a base product (bsc#1109307)
- Fixed SLP auto discovery for RMT (bsc#1113760)
Update dependencies for security fixes:
- CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969)
- CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
- CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Hernan Schmidt (hfschmidt)
Fixed bugs
bnc#1118584
[Migration] [build108.1] upgrade from SLED12SP4 to SLED15SP1 via proxySCC: WE is not installed automatically
bnc#1113969
VUL-0: CVE-2018-16468: rubygem-loofah: XXS: remove the svg animate attribute `from` from the allowlist
bnc#1114831
VUL-0: CVE-2018-16470: rubygem-rack: Buffer size in multipart parser allows for denial of service
bnc#1102046
VUL-1: CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service
bnc#1113760
/etc/slp.reg.d/smt.reg missing with RMT
bnc#1118579
[Migration] [build108.1] upgrade from SLED12SP4+SDK to SLED15SP1 via proxySCC: SDK stay unchanged
bnc#1109307
RMT does not mirror SUSE Manager Tools 12/15
bnc#1102193
rmt-cli lists products enabled for mirroring by default I don't want
bnc#1117106
[Build 100.4] support offline migration in between service packs (SLES15GA -> SLES15SP1)
