SUSE-SU-2025:02476-1: critical: Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes
SLE-SECURITY-UPDATES
null at suse.de
Wed Jul 23 16:35:40 UTC 2025
# Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes
Announcement ID: SUSE-SU-2025:02476-1
Release Date: 2025-07-23T12:37:13Z
Rating: critical
References:
* bsc#1157520
* bsc#1191142
* bsc#1209060
* bsc#1211373
* bsc#1213952
* bsc#1216187
* bsc#1221031
* bsc#1225740
* bsc#1230403
* bsc#1230908
* bsc#1233371
* bsc#1234608
* bsc#1236601
* bsc#1236635
* bsc#1236779
* bsc#1236810
* bsc#1236877
* bsc#1236910
* bsc#1237060
* bsc#1237082
* bsc#1237294
* bsc#1237403
* bsc#1237581
* bsc#1237694
* bsc#1237770
* bsc#1238922
* bsc#1238924
* bsc#1239102
* bsc#1239154
* bsc#1239604
* bsc#1239743
* bsc#1239826
* bsc#1239868
* bsc#1239907
* bsc#1240038
* bsc#1240386
* bsc#1240666
* bsc#1240842
* bsc#1241239
* bsc#1241286
* bsc#1241455
* bsc#1241490
* bsc#1242004
* bsc#1242030
* bsc#1242148
* bsc#1242554
* bsc#1242911
* bsc#1243239
* bsc#1243460
* bsc#1243724
* bsc#1243825
* bsc#1244065
* bsc#1244290
* bsc#1245005
* bsc#1245027
* bsc#1245222
* bsc#1245368
* bsc#1246119
* jsc#MSQA-993
Cross-References:
* CVE-2024-38822
* CVE-2024-38823
* CVE-2024-38824
* CVE-2024-38825
* CVE-2025-22236
* CVE-2025-22237
* CVE-2025-22238
* CVE-2025-22239
* CVE-2025-22240
* CVE-2025-22241
* CVE-2025-22242
* CVE-2025-23392
* CVE-2025-23393
* CVE-2025-46809
* CVE-2025-46811
CVSS scores:
* CVE-2024-38822 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-38822 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38822 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38823 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2024-38823 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-38823 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-38824 ( SUSE ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
* CVE-2024-38824 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-38824 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2024-38824 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-38825 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2024-38825 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-38825 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-22236 ( SUSE ): 6.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
* CVE-2025-22236 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2025-22236 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2025-22237 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22237 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22237 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22238 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22238 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22238 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
* CVE-2025-22239 ( SUSE ): 6.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
* CVE-2025-22239 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2025-22239 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2025-22240 ( SUSE ): 5.4
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22240 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-22240 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-22241 ( SUSE ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22241 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-22241 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-22242 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22242 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22242 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H
* CVE-2025-23392 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-23392 ( SUSE ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
* CVE-2025-23392 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23392 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
* CVE-2025-23393 ( SUSE ): 5.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
* CVE-2025-23393 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-23393 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-23393 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
* CVE-2025-46809 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-46809 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-46811 ( SUSE ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46811 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 15 vulnerabilities, contains one feature and has 43
security fixes can now be installed.
## Security update 4.3.16 for Multi-Linux Manager Proxy and Retail Branch Server
### Description:
This update fixes the following issues:
release-notes-susemanager-proxy:
* Update to SUSE Manager 4.3.16
* CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2025-46809
* Bugs mentioned: bsc#1236601, bsc#1236635, bsc#1236779, bsc#1237294,
bsc#1238922 bsc#1239826, bsc#1240386, bsc#1242004, bsc#1243460, bsc#1245222
bsc#1245005
## Security update 4.3.16 for Multi-Linux Manager Server
### Description:
This update fixes the following issues:
release-notes-susemanager:
* Update to SUSE Manager 4.3.16
* Important Salt Security Update
* Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt
Bundle
* CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239
CVE-2025-22236, CVE-2025-22237, CVE-2024-38825, CVE-2025-22240
CVE-2024-38823, CVE-2025-22241, CVE-2025-22238, CVE-2025-22242
CVE-2024-38822, CVE-2025-46811, CVE-2025-46809
* Bugs mentioned: bsc#1157520, bsc#1191142, bsc#1209060, bsc#1211373,
bsc#1213952 bsc#1216187, bsc#1221031, bsc#1225740, bsc#1230403, bsc#1230908
bsc#1233371, bsc#1234608, bsc#1236635, bsc#1236779, bsc#1236810 bsc#1236877,
bsc#1236910, bsc#1237060, bsc#1237082, bsc#1237294 bsc#1237403, bsc#1237581,
bsc#1237694, bsc#1237770, bsc#1238922 bsc#1238924, bsc#1239102, bsc#1239154,
bsc#1239604, bsc#1239743 bsc#1239826, bsc#1239868, bsc#1239907, bsc#1240038,
bsc#1240386 bsc#1240666, bsc#1240842, bsc#1241239, bsc#1241286, bsc#1241455
bsc#1241490, bsc#1242004, bsc#1242030, bsc#1242148, bsc#1242554 bsc#1242911,
bsc#1243239, bsc#1243460, bsc#1243724, bsc#1243825 bsc#1244065, bsc#1244290,
bsc#1245027, bsc#1245222, bsc#1245368 bsc#1245005, bsc#1246119
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-2476=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2476=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-2476=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2476=1
## Package List:
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.16-150400.3.98.1
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.16-150400.3.140.1
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.16-150400.3.98.1
* release-notes-susemanager-4.3.16-150400.3.140.1
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.16-150400.3.98.1
## References:
* https://www.suse.com/security/cve/CVE-2024-38822.html
* https://www.suse.com/security/cve/CVE-2024-38823.html
* https://www.suse.com/security/cve/CVE-2024-38824.html
* https://www.suse.com/security/cve/CVE-2024-38825.html
* https://www.suse.com/security/cve/CVE-2025-22236.html
* https://www.suse.com/security/cve/CVE-2025-22237.html
* https://www.suse.com/security/cve/CVE-2025-22238.html
* https://www.suse.com/security/cve/CVE-2025-22239.html
* https://www.suse.com/security/cve/CVE-2025-22240.html
* https://www.suse.com/security/cve/CVE-2025-22241.html
* https://www.suse.com/security/cve/CVE-2025-22242.html
* https://www.suse.com/security/cve/CVE-2025-23392.html
* https://www.suse.com/security/cve/CVE-2025-23393.html
* https://www.suse.com/security/cve/CVE-2025-46809.html
* https://www.suse.com/security/cve/CVE-2025-46811.html
* https://bugzilla.suse.com/show_bug.cgi?id=1157520
* https://bugzilla.suse.com/show_bug.cgi?id=1191142
* https://bugzilla.suse.com/show_bug.cgi?id=1209060
* https://bugzilla.suse.com/show_bug.cgi?id=1211373
* https://bugzilla.suse.com/show_bug.cgi?id=1213952
* https://bugzilla.suse.com/show_bug.cgi?id=1216187
* https://bugzilla.suse.com/show_bug.cgi?id=1221031
* https://bugzilla.suse.com/show_bug.cgi?id=1225740
* https://bugzilla.suse.com/show_bug.cgi?id=1230403
* https://bugzilla.suse.com/show_bug.cgi?id=1230908
* https://bugzilla.suse.com/show_bug.cgi?id=1233371
* https://bugzilla.suse.com/show_bug.cgi?id=1234608
* https://bugzilla.suse.com/show_bug.cgi?id=1236601
* https://bugzilla.suse.com/show_bug.cgi?id=1236635
* https://bugzilla.suse.com/show_bug.cgi?id=1236779
* https://bugzilla.suse.com/show_bug.cgi?id=1236810
* https://bugzilla.suse.com/show_bug.cgi?id=1236877
* https://bugzilla.suse.com/show_bug.cgi?id=1236910
* https://bugzilla.suse.com/show_bug.cgi?id=1237060
* https://bugzilla.suse.com/show_bug.cgi?id=1237082
* https://bugzilla.suse.com/show_bug.cgi?id=1237294
* https://bugzilla.suse.com/show_bug.cgi?id=1237403
* https://bugzilla.suse.com/show_bug.cgi?id=1237581
* https://bugzilla.suse.com/show_bug.cgi?id=1237694
* https://bugzilla.suse.com/show_bug.cgi?id=1237770
* https://bugzilla.suse.com/show_bug.cgi?id=1238922
* https://bugzilla.suse.com/show_bug.cgi?id=1238924
* https://bugzilla.suse.com/show_bug.cgi?id=1239102
* https://bugzilla.suse.com/show_bug.cgi?id=1239154
* https://bugzilla.suse.com/show_bug.cgi?id=1239604
* https://bugzilla.suse.com/show_bug.cgi?id=1239743
* https://bugzilla.suse.com/show_bug.cgi?id=1239826
* https://bugzilla.suse.com/show_bug.cgi?id=1239868
* https://bugzilla.suse.com/show_bug.cgi?id=1239907
* https://bugzilla.suse.com/show_bug.cgi?id=1240038
* https://bugzilla.suse.com/show_bug.cgi?id=1240386
* https://bugzilla.suse.com/show_bug.cgi?id=1240666
* https://bugzilla.suse.com/show_bug.cgi?id=1240842
* https://bugzilla.suse.com/show_bug.cgi?id=1241239
* https://bugzilla.suse.com/show_bug.cgi?id=1241286
* https://bugzilla.suse.com/show_bug.cgi?id=1241455
* https://bugzilla.suse.com/show_bug.cgi?id=1241490
* https://bugzilla.suse.com/show_bug.cgi?id=1242004
* https://bugzilla.suse.com/show_bug.cgi?id=1242030
* https://bugzilla.suse.com/show_bug.cgi?id=1242148
* https://bugzilla.suse.com/show_bug.cgi?id=1242554
* https://bugzilla.suse.com/show_bug.cgi?id=1242911
* https://bugzilla.suse.com/show_bug.cgi?id=1243239
* https://bugzilla.suse.com/show_bug.cgi?id=1243460
* https://bugzilla.suse.com/show_bug.cgi?id=1243724
* https://bugzilla.suse.com/show_bug.cgi?id=1243825
* https://bugzilla.suse.com/show_bug.cgi?id=1244065
* https://bugzilla.suse.com/show_bug.cgi?id=1244290
* https://bugzilla.suse.com/show_bug.cgi?id=1245005
* https://bugzilla.suse.com/show_bug.cgi?id=1245027
* https://bugzilla.suse.com/show_bug.cgi?id=1245222
* https://bugzilla.suse.com/show_bug.cgi?id=1245368
* https://bugzilla.suse.com/show_bug.cgi?id=1246119
* https://jira.suse.com/browse/MSQA-993
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250723/dc528869/attachment.htm>
More information about the sle-security-updates
mailing list