First published: Fri Apr 03 2020(Updated: )
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
Opensuse Rmt-server | <=2.5.2-3.26.1 | |
SUSE Linux Enterprise High Performance Computing | =15.0 | |
SUSE Linux Enterprise High Performance Computing | =15.0 | |
SUSE Linux Enterprise Server | =15 | |
Suse Linux Enterprise Server Ltss | =15 | |
Suse Linux Enterprise Server Sap | =15 | |
Opensuse Rmt-server | <=2.5.2-3.9.1 | |
Suse Linux Enterprise Public Cloud | =15.0-sp1 | |
SUSE Linux Enterprise Server | =15-sp1 | |
Opensuse Rmt-server | <=2.5.2-lp151.2.9.1 | |
openSUSE Leap | =15.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-18904 is a vulnerability in rmt of SUSE Linux Enterprise High Performance Computing, which allows uncontrolled resource consumption.
The severity of CVE-2019-18904 is high, with a severity value of 7.5.
The affected software includes SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, and SUSE Linux Enterprise Module for Public Cloud 15-SP1.
To fix the CVE-2019-18904 vulnerability, update the rmt-server software to version 2.5.2-3.26.1 or later.
You can find more information about CVE-2019-18904 at the following link: [https://bugzilla.suse.com/show_bug.cgi?id=1160922](https://bugzilla.suse.com/show_bug.cgi?id=1160922)