SUSE-SU-2025:20992-1: important: Security update 5.1.1 of SUSE Multi-Linux Manager
SLE-SECURITY-UPDATES
null at suse.de
Wed Nov 12 12:31:09 UTC 2025
# Security update 5.1.1 of SUSE Multi-Linux Manager
Announcement ID: SUSE-SU-2025:20992-1
Release Date: 2025-10-17T08:47:21Z
Rating: important
References:
* bsc#1229825
* bsc#1241880
* bsc#1243331
* bsc#1243486
* bsc#1243611
* bsc#1243704
* bsc#1244027
* bsc#1244127
* bsc#1244219
* bsc#1244424
* bsc#1244552
* bsc#1244919
* bsc#1245099
* bsc#1245120
* bsc#1245702
* bsc#1246068
* bsc#1246320
* bsc#1246553
* bsc#1246789
* bsc#1246882
* bsc#1246906
* bsc#1247688
* bsc#1247836
* bsc#1248252
* bsc#1249434
* jsc#MSQA-1023
Cross-References:
* CVE-2025-53192
CVSS scores:
* CVE-2025-53192 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53192 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-53192 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Multi-Linux Manager Proxy 5.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1
* SUSE Multi-Linux Manager Server 5.1
An update that solves one vulnerability, contains one feature and has 24 fixes
can now be installed.
## Description:
This update for SUSE Multi-Linux Manager fixes the following issues:
proxy-helm was updated fromv version 5.1.7 to 5.1.9:
* Version 5.1.9
* Chart rebuilt to the newest version with updated dependencies
* Version 5.1.8
* Use traefik.io API group (bsc#1244919)
proxy-httpd-image was updated fromv version 5.1.8 to 5.1.10:
* Version 5.1.10
* Image rebuilt to the newest version with updated dependencies
* Version 5.1.9
* Use absolute paths when invoking external commands
* Handle large static files outside of wsgi script (bsc#1244424)
* Reorganize proxy apache configuration
* remove unused access to pub dir
* move cobbler configs from the uyuni-config to the proxy package
* add max workers limit to 150 (bsc#1244552)
* use proxypass instead of wsgi to pass API calls to the server and anonymous dirs (bsc#1241880)
* Use existing systemid in proxy httpd if present (bsc#1246789)
proxy-salt-broker-image was updated from version 5.1.8 to 5.1.10:
* Image rebuilt to the newest version with updated dependencies
proxy-squid-image was updated fromv version 5.1.7 to 5.1.9:
* Version 5.1.9
* Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
* Use absolute paths when invoking external commands
proxy-squid-image was updated fromv version 5.1.7 to 5.1.9:
* Version 5.1.9
* Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
* Use absolute paths when invoking external commands
proxy-tftpd-image was updated fromv version 5.1.7 to 5.1.9:
* Version 5.1.9
* Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
* Use absolute paths when invoking external commands
* Do not block the main tftpd process (bsc#1244424)
* Fix selecting of default saltboot entry in grub
server-attestation-image was updated from version 5.1.7 to 5.1.10:
* CVE-2025-53192: Do not use apache-commons-ognl but its successor ognl
(bsc#1248252)
* Image rebuilt to the newest version with updated dependencies
server-hub-xmlrpc-api-image was updated from version 5.1.7 to 5.1.9:
* Image rebuilt to the newest version with updated dependencies
server-image was updated from version 5.1.7 to 5.1.9::
* Version 5.1.9
* Install python311-ldap into the server-image (bsc#1245702)
* Version 5.1.8
* Move jmx configuration to a persisting folder (bsc#1244219)
server-migration-14-16-image was updated from version 5.1.7 to 5.1.9:
* Image rebuilt to the newest version with updated dependencies
server-postgresql-image was updated from version 5.1.5 to 5.1.7:
* Image rebuilt to the newest version with updated dependencies
server-saline-image was updated from version 5.1.7 to 5.1.9:
* Image rebuilt to the newest version with updated dependencies
uyuni-tools was updated from version 5.1.18-0 to 5.1.22-0:
* Version 5.1.22-0
* Fix cobbler config migration to standalone files
* Fix generated DB certificate subject alternate names
* Version 5.1.21-0
* Remove extraneous quotes when getting the running image (bsc#1249434)
* Version 5.1.20-0
* Add migration for server monitoring configuration (bsc#1247688)
* Version 5.1.19-0
* Add a lowercase version of --logLevel (bsc#1243611)
* Stop executing scripts in temporary folder (bsc#1243704)
* support config: collect podman inspect for hub container (bsc#1245099)
* Use new dedicated path for Cobbler settings (bsc#1244027)
* Migrate custom auto installation snippets (bsc#1246320)
* Add SUSE Linux Enterprise 15 SP7 to buildin productmap
* Fix loading product map from mgradm configuration file (bsc#1246068)
* Fix channel override for distro copy
* Do not use sudo when running as a root user (bsc#1246882)
* Do not require backups to be at the same location for restoring
(bsc#1246906)
* Fix recomputing proxy images when installing a PTF or TEST (bsc#1246553)
* Add mgradm server rename to change the server FQDN (bsc#1229825)
* If no DB SSL CA parameter is given, use the other one (bsc#1245120)
* More fault tolerant mgradm stop (bsc#1243331)
* Backup systemd dropin directory too and create if missing
* Add 3rd party SSL options for upgrade and migration scenarios
* Do not consider stderr output of podman as an error (bsc#1247836)
* Restore SELinux contexts for restored backup volumes (bsc#1244127)
* Automatically get up-to-date systemid file on salt based proxy hosts
(bsc#1246789)
* Bump the default image tag to 5.1.1
How to apply this update:
SUSE Multi-Linux Manager Server:
1. Log in as root user to the SUSE Multi-Linux Manager Server.
2. Upgrade mgradm and mgrctl.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgradm upgrade podman` which will use the default image tags.
SUSE Multi-Linux Manager Proxy / Retail Branch Server:
1. Log in as root user to the SUSE Multi-Linux Manager Proxy / Retail Branch Server.
2. Upgrade mgrpxy.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgrpxy upgrade podman` which will use the default image tags.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Multi-Linux Manager Proxy 5.1
zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1
* SUSE Multi-Linux Manager Retail Branch Server 5.1
zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1
* SUSE Multi-Linux Manager Server 5.1
zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1
## Package List:
* SUSE Multi-Linux Manager Proxy 5.1 (aarch64 ppc64le s390x x86_64)
* mgrpxy-5.1.22-slfo.1.1.1
* mgrpxy-debuginfo-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (noarch)
* mgrpxy-zsh-completion-5.1.22-slfo.1.1.1
* mgrpxy-bash-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (aarch64)
* suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Proxy 5.1 (ppc64le)
* suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.1-9.5.33
* SUSE Multi-Linux Manager Proxy 5.1 (s390x)
* suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Proxy 5.1 (x86_64)
* suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.1-8.7.18
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64 ppc64le s390x
x86_64)
* mgrpxy-5.1.22-slfo.1.1.1
* mgrpxy-debuginfo-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (noarch)
* mgrpxy-zsh-completion-5.1.22-slfo.1.1.1
* mgrpxy-bash-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64)
* suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (ppc64le)
* suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.1-9.5.33
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (s390x)
* suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.1-8.7.18
* suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (x86_64)
* suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.1-9.5.33
* suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.1-8.5.13
* suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.1-8.7.18
* SUSE Multi-Linux Manager Server 5.1 (aarch64 ppc64le s390x x86_64)
* mgradm-debuginfo-5.1.22-slfo.1.1.1
* mgrctl-debuginfo-5.1.22-slfo.1.1.1
* mgradm-5.1.22-slfo.1.1.1
* mgrctl-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (noarch)
* mgradm-bash-completion-5.1.22-slfo.1.1.1
* mgrctl-bash-completion-5.1.22-slfo.1.1.1
* mgrctl-zsh-completion-5.1.22-slfo.1.1.1
* mgradm-zsh-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (aarch64)
* suse-multi-linux-manager-5.1-aarch64-server-postgresql-image-5.1.1-6.5.4
* suse-multi-linux-manager-5.1-aarch64-server-image-5.1.1-8.5.45
* suse-multi-linux-manager-5.1-aarch64-server-attestation-image-5.1.1-8.7.8
* suse-multi-linux-manager-5.1-aarch64-server-hub-xmlrpc-api-image-5.1.1-8.5.19
* suse-multi-linux-manager-5.1-aarch64-server-migration-14-16-image-5.1.1-8.5.26
* suse-multi-linux-manager-5.1-aarch64-server-saline-image-5.1.1-9.5.24
* SUSE Multi-Linux Manager Server 5.1 (ppc64le)
* suse-multi-linux-manager-5.1-ppc64le-server-image-5.1.1-8.5.45
* suse-multi-linux-manager-5.1-ppc64le-server-saline-image-5.1.1-9.5.24
* suse-multi-linux-manager-5.1-ppc64le-server-hub-xmlrpc-api-image-5.1.1-8.5.19
* suse-multi-linux-manager-5.1-ppc64le-server-migration-14-16-image-5.1.1-8.5.26
* suse-multi-linux-manager-5.1-ppc64le-server-postgresql-image-5.1.1-6.5.4
* suse-multi-linux-manager-5.1-ppc64le-server-attestation-image-5.1.1-8.7.8
* SUSE Multi-Linux Manager Server 5.1 (s390x)
* suse-multi-linux-manager-5.1-s390x-server-image-5.1.1-8.5.45
* suse-multi-linux-manager-5.1-s390x-server-hub-xmlrpc-api-image-5.1.1-8.5.19
* suse-multi-linux-manager-5.1-s390x-server-postgresql-image-5.1.1-6.5.4
* suse-multi-linux-manager-5.1-s390x-server-migration-14-16-image-5.1.1-8.5.26
* suse-multi-linux-manager-5.1-s390x-server-saline-image-5.1.1-9.5.24
* suse-multi-linux-manager-5.1-s390x-server-attestation-image-5.1.1-8.7.8
* SUSE Multi-Linux Manager Server 5.1 (x86_64)
* suse-multi-linux-manager-5.1-x86_64-server-attestation-image-5.1.1-8.7.8
* suse-multi-linux-manager-5.1-x86_64-server-postgresql-image-5.1.1-6.5.4
* suse-multi-linux-manager-5.1-x86_64-server-hub-xmlrpc-api-image-5.1.1-8.5.19
* suse-multi-linux-manager-5.1-x86_64-server-saline-image-5.1.1-9.5.24
* suse-multi-linux-manager-5.1-x86_64-server-image-5.1.1-8.5.45
* suse-multi-linux-manager-5.1-x86_64-server-migration-14-16-image-5.1.1-8.5.26
## References:
* https://www.suse.com/security/cve/CVE-2025-53192.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229825
* https://bugzilla.suse.com/show_bug.cgi?id=1241880
* https://bugzilla.suse.com/show_bug.cgi?id=1243331
* https://bugzilla.suse.com/show_bug.cgi?id=1243486
* https://bugzilla.suse.com/show_bug.cgi?id=1243611
* https://bugzilla.suse.com/show_bug.cgi?id=1243704
* https://bugzilla.suse.com/show_bug.cgi?id=1244027
* https://bugzilla.suse.com/show_bug.cgi?id=1244127
* https://bugzilla.suse.com/show_bug.cgi?id=1244219
* https://bugzilla.suse.com/show_bug.cgi?id=1244424
* https://bugzilla.suse.com/show_bug.cgi?id=1244552
* https://bugzilla.suse.com/show_bug.cgi?id=1244919
* https://bugzilla.suse.com/show_bug.cgi?id=1245099
* https://bugzilla.suse.com/show_bug.cgi?id=1245120
* https://bugzilla.suse.com/show_bug.cgi?id=1245702
* https://bugzilla.suse.com/show_bug.cgi?id=1246068
* https://bugzilla.suse.com/show_bug.cgi?id=1246320
* https://bugzilla.suse.com/show_bug.cgi?id=1246553
* https://bugzilla.suse.com/show_bug.cgi?id=1246789
* https://bugzilla.suse.com/show_bug.cgi?id=1246882
* https://bugzilla.suse.com/show_bug.cgi?id=1246906
* https://bugzilla.suse.com/show_bug.cgi?id=1247688
* https://bugzilla.suse.com/show_bug.cgi?id=1247836
* https://bugzilla.suse.com/show_bug.cgi?id=1248252
* https://bugzilla.suse.com/show_bug.cgi?id=1249434
* https://jira.suse.com/browse/MSQA-1023
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20251112/4df1a063/attachment.htm>
More information about the sle-security-updates
mailing list