File _patchinfo of Package patchinfo.10018
<patchinfo incident="10018">
<issue tracker="bnc" id="1118584">[Migration] [build108.1] upgrade from SLED12SP4 to SLED15SP1 via proxySCC: WE is not installed automatically</issue>
<issue tracker="bnc" id="1113969">VUL-0: CVE-2018-16468: rubygem-loofah: XSS: remove the svg animate attribute `from` from the allowlist</issue>
<issue tracker="bnc" id="1114831">VUL-0: CVE-2018-16470: rubygem-rack: Buffer size in multipart parser allows for denial of service</issue>
<issue tracker="bnc" id="1102046">VUL-1: CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service</issue>
<issue tracker="bnc" id="1113760">/etc/slp.reg.d/smt.reg missing with RMT</issue>
<issue tracker="bnc" id="1118579">[Migration] [build108.1] upgrade from SLED12SP4+SDK to SLED15SP1 via proxySCC: SDK stay unchanged</issue>
<issue tracker="bnc" id="1109307">RMT does not mirror SUSE Manager Tools 12/15</issue>
<issue tracker="bnc" id="1102193">rmt-cli lists products enabled for mirroring by default I don't want</issue>
<issue tracker="bnc" id="1117106">[Build 100.4] support offline migration in between service packs (SLES15GA -> SLES15SP1)</issue>
<issue tracker="cve" id="2018-14404"/>
<issue tracker="cve" id="2018-16470"/>
<issue tracker="cve" id="2018-16468"/>
<category>security</category>
<rating>moderate</rating>
<packager>hfschmidt</packager>
<description>This update for rmt-server to version 1.1.1 fixes the following issues:
- Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579)
- Fixed listing of mirrored products (bsc#1102193)
- Include online migration paths into offline migration (bsc#1117106)
- Sync products that do not have a base product (bsc#1109307)
- Fixed SLP auto discovery for RMT (bsc#1113760)
Update dependencies for security fixes:
- CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969)
- CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
- CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)
</description>
<summary>Security update for rmt-server</summary>
</patchinfo>