Overview

File _patchinfo of Package patchinfo.39356

<patchinfo incident="39356">
  <issue tracker="bnc" id="1236836">When registering SUMA ARM64 the repositories are missing</issue>
  <issue tracker="bnc" id="1242898">VUL-0: CVE-2025-32441: rmt-server: rack: Rack Session Reuse Vulnerability</issue>
  <issue tracker="bnc" id="1242893">VUL-0: CVE-2025-46727: rmt-server: rack: Unbounded-Parameter DoS in Rack:QueryParser</issue>
  <issue tracker="bnc" id="1236600">Registration sharing fails due to system token being taken</issue>
  <issue tracker="bnc" id="1237373">Error trying to read from 'plugin:/susecloud?credentials ... ' Failed to retrieve new repository metadata</issue>
  <issue tracker="bnc" id="1236816">Migration from Micro 5.5 to Micro 6.X fails due to product identifier change</issue>
  <issue tracker="bnc" id="1244166">registration 500 Internal Server Error shows TypeError (no implicit conversion of nil into String):</issue>
  <issue tracker="cve" id="2025-32441"/>
  <issue tracker="cve" id="2025-46727"/>
  <packager>digitaltomm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rmt-server</summary>
  <description>This update for rmt-server fixes the following issues:

- Update to version 2.23
- CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. (bsc#1242893)
- CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. (bsc#1242898)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places