Security update for rmt-server

Announcement ID:	SUSE-SU-2026:1745-1
Release Date:	2026-05-07T07:22:43Z
Rating:	important
References:	bsc#1261388 bsc#1261398 bsc#1261406 bsc#1261417 bsc#1261426 bsc#1261436 bsc#1261447 bsc#1261458 bsc#1261466 bsc#1261471
Cross-References:	CVE-2026-26961 CVE-2026-26962 CVE-2026-34230 CVE-2026-34763 CVE-2026-34785 CVE-2026-34786 CVE-2026-34826 CVE-2026-34829 CVE-2026-34830 CVE-2026-34831
CVSS scores:	CVE-2026-26961 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-26961 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-26961 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-26961 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-26962 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-26962 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-26962 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-26962 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-34230 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-34230 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34230 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-34230 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34763 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-34763 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-34763 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-34785 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-34785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-34785 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-34786 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-34786 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-34786 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2026-34826 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-34826 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34826 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-34826 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-34829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-34829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-34829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-34830 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-34830 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-34830 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-34830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2026-34831 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-34831 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-34831 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-34831 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:	Public Cloud Module 15-SP7 Server Applications Module 15-SP7 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 10 vulnerabilities can now be installed.

Description:

This update for rmt-server fixes the following issues:

Update to version 2.27.

Security issues fixed:

• CVE-2026-26961: rack: greedy multipart boundary parsing can lead to parser differentials and WAF bypass (bsc#1261398).
• CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to downstream header injection and response splitting(bsc#1261471).
• CVE-2026-34763: rack: unescaped regex interpolation of configured root path can lead to root directory disclosure (bsc#1261406).
• CVE-2026-34785: rack: prefix matching logic can lead to the exposure of unintended files under the static root (bsc#1261417).
• CVE-2026-34786: rack: URL-encoded path mismatch can lead to header_rules bypass (bsc#1261426).
• CVE-2026-34826: rack: missing individual byte range limit checks when parsing HTTP Range headers can lead to excessive resource consumption and a denial of service (bsc#1261436).
• CVE-2026-34829: rack: multipart parsing without Content-Length header can lead to unbounded chunked file uploads and a denial of service (bsc#1261447).
• CVE-2026-34230: rack: quadratic complexity when processing of wildcard Accept-Encoding headers can lead to a denial of service (bsc#1261388).
• CVE-2026-34830: rack: improper sanitization of the X-Accel-Mapping request header can lead to the exposure of unintended files via X-Accel-Redirect (bsc#1261458).
• CVE-2026-34831: rack: Content-Length header and body byte size mismatch when creating error responses can lead to incorrect HTTP response framing (bsc#1261466).

Other updates and bugfixes:

• Fix ReDoS in Addressable.
• Fix out-of-bounds read in rdiscount.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1745=1
• Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1745=1

Package List:

• Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • rmt-server-debuginfo-2.27-150700.3.20.1
  • rmt-server-pubcloud-2.27-150700.3.20.1
  • rmt-server-debugsource-2.27-150700.3.20.1
• Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • rmt-server-config-2.27-150700.3.20.1
  • rmt-server-debuginfo-2.27-150700.3.20.1
  • rmt-server-debugsource-2.27-150700.3.20.1
  • rmt-server-2.27-150700.3.20.1

References:

• https://www.suse.com/security/cve/CVE-2026-26961.html
• https://www.suse.com/security/cve/CVE-2026-26962.html
• https://www.suse.com/security/cve/CVE-2026-34230.html
• https://www.suse.com/security/cve/CVE-2026-34763.html
• https://www.suse.com/security/cve/CVE-2026-34785.html
• https://www.suse.com/security/cve/CVE-2026-34786.html
• https://www.suse.com/security/cve/CVE-2026-34826.html
• https://www.suse.com/security/cve/CVE-2026-34829.html
• https://www.suse.com/security/cve/CVE-2026-34830.html
• https://www.suse.com/security/cve/CVE-2026-34831.html
• https://bugzilla.suse.com/show_bug.cgi?id=1261388
• https://bugzilla.suse.com/show_bug.cgi?id=1261398
• https://bugzilla.suse.com/show_bug.cgi?id=1261406
• https://bugzilla.suse.com/show_bug.cgi?id=1261417
• https://bugzilla.suse.com/show_bug.cgi?id=1261426
• https://bugzilla.suse.com/show_bug.cgi?id=1261436
• https://bugzilla.suse.com/show_bug.cgi?id=1261447
• https://bugzilla.suse.com/show_bug.cgi?id=1261458
• https://bugzilla.suse.com/show_bug.cgi?id=1261466
• https://bugzilla.suse.com/show_bug.cgi?id=1261471