SUSE-SU-2026:0630-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools
SLE-SECURITY-UPDATES
null at suse.de
Wed Feb 25 16:33:08 UTC 2026
# Security update 5.1.2 for Multi-Linux Manager Client Tools
Announcement ID: SUSE-SU-2026:0630-1
Release Date: 2026-02-25T09:46:13Z
Rating: important
References:
* bsc#1227579
* bsc#1247644
* bsc#1247721
* bsc#1248848
* bsc#1249400
* bsc#1249532
* bsc#1250940
* bsc#1250976
* bsc#1250981
* bsc#1251044
* bsc#1251138
* bsc#1251995
* bsc#1253004
* bsc#1253174
* bsc#1253282
* bsc#1253347
* bsc#1253659
* bsc#1253738
* bsc#1253966
* bsc#1254478
* bsc#1255340
* bsc#1255588
* bsc#1255781
* jsc#MSQA-1040
* jsc#PED-13824
* jsc#PED-14971
Cross-References:
* CVE-2025-12816
* CVE-2025-68156
CVSS scores:
* CVE-2025-12816 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2025-12816 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2025-68156 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Multi-Linux Manager Client Tools for SLE 15
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5
An update that solves two vulnerabilities, contains three features and has 21
security fixes can now be installed.
## Description:
This update fixes the following issues:
dracut-saltboot:
* Update to version 1.1.0
* Retry DHCP requests up to 3 times (bsc#1253004)
golang-github-QubitProducts-exporter_exporter:
* Non-customer-facing optimization around source building
golang-github-boynux-squid_exporter:
* Update to version 1.13.0 (jsc#PED-14971)
* Add support for squid-internal-mgr path for metrics.
* Update to version 1.12.0
* Add TLS and basic authentication support for the web interface.
* Update to version 1.11.0
* Allow adding custom labels to all metrics.
* Update to version 1.10.0
* Add ability to configure the exporter using environment variables.
* Add support for Squid 6
* Add `squid_up` metric
* Add `squid_scrape_duration_seconds` metric
* Add `squid_scrape_error` metric
* Update to version 1.9.0
* Add `process_open_fds` metric to monitor open file descriptors.
* Use `CAP_DAC_READ_SEARCH` capability to allow reading process information
without running as root.
* Update to version 1.8.0
* Add various service time metrics to provide more detailed performance data.
* Update to version 1.7.0
* Add support for basic authentication against the Squid proxy.
* Fix `squid_client_http_requests_total` metric
* Upstream changes for v1.9.0:
* Use `CAP_DAC_READ_SEARCH` capability to allow reading process information
without running as root.
* Upstream changes for v1.8.0:
* Add various service time metrics to provide more detailed performance data.
* Upstream changes for v1.7.0: Squid proxy.Update to version 1.10.0
* Add ability to configure the exporter using environment variables.
* Add `process_open_fds` metric to monitor open file descriptors.
* Use `CAP_DAC_READ_SEARCH` capability to allow reading process information
without running as root.
* Add various service time metrics to provide more detailed performance data.
* Add support for basic authentication against the Squid proxy.
* Use current distro go default version. Use auto-versioning on SUSE as well.
golang-github-lusitaniae-apache_exporter:
* Build without apparmor for openSUSE Leap 16, SLES 16 or newer
* Require Go 1.23 for building
* Update to version 1.0.10
* Update github.com/prometheus/client_golang to 1.21.1
* Update github.com/prometheus/common to 0.63.0
* Update github.com/prometheus/exporter-toolkit to 0.14.0
* Update to version 1.0.9
* Update github.com/prometheus/client_golang to 1.20.4
* Update github.com/prometheus/common to 0.59.1
* Update github.com/prometheus/exporter-toolkit to 0.13.0
* Migrate logging to log/slog
* Fix signal handler logging
golang-github-prometheus-alertmanager:
* Non-customer-facing optimization around source building
golang-github-prometheus-node_exporter:
* Non-customer-facing optimization around source building
golang-github-prometheus-prometheus:
* CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing
cryptographic verifications (bsc#1255588)
* Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release.
* [FEATURE] Remote-write: Add support for Azure Workload Identity as an
authentication method for the receiver.
* [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...)
behind feature flag.
* [FEATURE] Federation: Add support for native histograms with custom buckets
(NHCB).
* [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts
in certain histogram operations.
* [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page.
* Update to 3.4.0:
* [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs
services.
* [FEATURE] Native histograms are now a stable, but optional feature.
* [FEATURE] UI: Show detailed relabeling steps for each discovered target.
* [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't
been evaluated yet.
* [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on
startup.
* Update to 3.3.0:
* [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x.
* [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed.
* Update to 3.2.0:
* [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1).
* [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub.
* [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now
rejected.
* Update to 3.1.0:
* [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created
timestamp" (CT) is now called "start timestamp" (ST).
* [BUGFIX] Mixin: Add static UID to the remote-write dashboard.
* Update to 3.0.1:
* [BUGFIX] Promql: Make subqueries left open.
* [BUGFIX] Fix memory leak when query log is enabled.
* [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint.
* Update to 3.0.0: This release includes new features such as a brand new UI
and UTF-8 support enabled by default.
* [CHANGE] Deprecated feature flags removed.
* [FEATURE] New UI.
* [FEATURE] Remote Write 2.0.
* [FEATURE] OpenTelemetry Support.
* [FEATURE] UTF-8 support is now stable and enabled by default.
* [FEATURE] OTLP Ingestion.
* [FEATURE] Native Histograms.
* [BUGFIX] PromQL: Fix count_values for histograms.
* [BUGFIX] TSDB: Fix race on stale values in headAppender.
* [BUGFIX] UI: Fix selector / series formatting for empty metric names.
* Update to 2.55.0:
* [FEATURE] PromQL: Add `last_over_time` function.
* [FEATURE] Agent: Add `prometheus_agent_build_info` metric.
* [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`.
* [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks.
* [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times.
* Update to 2.54.0: This release brings a release candidate of a major new
version of Remote Write: 2.0.
* [CHANGE] Remote-Write: highest_timestamp_in_seconds and
queue_highest_sent_timestamp_seconds metrics now initialized to 0.
* [CHANGE] API: Split warnings from info annotations in API response.
* [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via
feature flag.
* [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators.
* [ENHANCEMENT] PromQL: Accept underscores in literal numbers.
* [ENHANCEMENT] PromQL: float literal numbers and durations are now
interchangeable (experimental).
* [ENHANCEMENT] PromQL (experimental native histograms): Optimize
histogram_count and histogram_sum functions.
* [BUGFIX] PromQL: Fix various issues with native histograms.
* [BUGFIX] OTLP receiver: Allow colons in non-standard units.
grafana:
* CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin
functions (bsc#1255340)
mgr-push:
* Version 5.1.5-0
* Non-customer-facing optimization and update
prometheus-blackbox_exporter:
* Non-customer-facing optimization and update
rhnlib:
* Version 5.1.4-0
* Non-customer-facing optimization and update
spacecmd:
* Version 5.1.12-0
* Fix spacecmd binary file upload (bsc#1253659)
* Fix typo in spacecmd help ca-cert flag (bsc#1253174)
* Convert cached IDs to int (bsc#1251995)
* Fix methods in api namespace in spacecmd (bsc#1249532)
* Make caching code Py 2.7 compatible
* Use JSON instead of pickle for spacecmd cache (bsc#1227579)
* Python 2.7 cannot re-raise exceptions
spacewalk-client-tools:
* Version 5.1.8-0
* Non-customer-facing optimization and update
supportutils-plugin-susemanager-client:
* Version 5.1.5-0
* Non-customer-facing optimization and update
uyuni-common-libs:
* Version 5.1.5-0
* Non-customer-facing optimization and update
uyuni-tools:
* Version 5.1.24-0
* Actually use the --dbupgrade-tag parameter when computing the image URL
(bsc#1249400)
* Handle CA files with symlinks during migration (bsc#1251044)
* Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
* Fix systemd object initialization in server rename. (bsc#1250981)
* Add SSL secrets to the db setup container during migration. (bsc#1250976)
* Fix images handling in mgrpxy support ptf (bsc#1250940)
* Fix helm upgrade parameters (bsc#1253966)
* Detect custom apache and squid config in the /etc/uyuni/proxy folder
* Add ssh tuning to configure sshd (bsc#1253738)
* Move the SSL checks at the beginning of the migration
* Remove cgroup mount for podman containers (bsc#1253347)
* Convert the traefik install time to local time (bsc#1251138)
* During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478)
* Read env var from http conf file (bsc#1253282)
* Add --registry-host, --registry-user and --registry-password to pull images
from an authenticate registry
* Deprecate --registry
* Unify backup create and restore dryrun option case
* Fix calling of squid -z in mgrpxy cache clear (bsc#1247644)
* Always start database container even if enabled
* Remove extra ipv6 mapping and nftables workaround (bsc#1248848)
* Remove old PostgreSQL exporter environment file before migration
* Support config command parse correctly supportconfig output (bsc#1255781)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Multi-Linux Manager Client Tools for SLE 15
zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-630=1
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-630=1
## Package List:
* SUSE Multi-Linux Manager Client Tools for SLE 15 (noarch)
* python3-spacewalk-client-tools-5.1.8-150002.3.6.1
* dracut-saltboot-1.1.0-150002.3.6.1
* mgrctl-zsh-completion-5.1.24-150002.3.9.1
* mgrctl-bash-completion-5.1.24-150002.3.9.1
* supportutils-plugin-susemanager-client-5.1.5-150002.3.6.1
* spacewalk-client-tools-5.1.8-150002.3.6.1
* mgr-push-5.1.5-150002.3.6.2
* spacecmd-5.1.12-150002.3.6.1
* mgrctl-lang-5.1.24-150002.3.9.1
* python3-mgr-push-5.1.5-150002.3.6.2
* python3-rhnlib-5.1.4-150002.3.6.1
* SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x
x86_64)
* grafana-11.5.10-150002.4.9.1
* golang-github-prometheus-alertmanager-0.28.1-150002.4.6.1
* golang-github-QubitProducts-exporter_exporter-0.4.0-150002.3.3.1
* golang-github-prometheus-prometheus-debuginfo-3.5.0-150002.3.3.1
* prometheus-blackbox_exporter-0.26.0-150002.3.3.1
* firewalld-prometheus-config-0.1-150002.3.3.1
* golang-github-prometheus-prometheus-3.5.0-150002.3.3.1
* mgrctl-5.1.24-150002.3.9.1
* golang-github-lusitaniae-apache_exporter-1.0.10-150002.3.3.1
* golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-150002.3.3.1
* golang-github-prometheus-node_exporter-1.9.1-150002.3.3.1
* golang-github-prometheus-node_exporter-debuginfo-1.9.1-150002.3.3.1
* mgrctl-debuginfo-5.1.24-150002.3.9.1
* python3-uyuni-common-libs-5.1.5-150002.3.3.1
* golang-github-boynux-squid_exporter-debuginfo-1.13.0-150002.3.3.1
* golang-github-prometheus-alertmanager-debuginfo-0.28.1-150002.4.6.1
* grafana-debuginfo-11.5.10-150002.4.9.1
* golang-github-boynux-squid_exporter-1.13.0-150002.3.3.1
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch)
* mgrctl-lang-5.1.24-150002.3.9.1
* dracut-saltboot-1.1.0-150002.3.6.1
* mgrctl-zsh-completion-5.1.24-150002.3.9.1
* mgrctl-bash-completion-5.1.24-150002.3.9.1
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x
x86_64)
* golang-github-QubitProducts-exporter_exporter-0.4.0-150002.3.3.1
* prometheus-blackbox_exporter-0.26.0-150002.3.3.1
* mgrctl-debuginfo-5.1.24-150002.3.9.1
* golang-github-prometheus-node_exporter-1.9.1-150002.3.3.1
* golang-github-prometheus-node_exporter-debuginfo-1.9.1-150002.3.3.1
* mgrctl-5.1.24-150002.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-12816.html
* https://www.suse.com/security/cve/CVE-2025-68156.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227579
* https://bugzilla.suse.com/show_bug.cgi?id=1247644
* https://bugzilla.suse.com/show_bug.cgi?id=1247721
* https://bugzilla.suse.com/show_bug.cgi?id=1248848
* https://bugzilla.suse.com/show_bug.cgi?id=1249400
* https://bugzilla.suse.com/show_bug.cgi?id=1249532
* https://bugzilla.suse.com/show_bug.cgi?id=1250940
* https://bugzilla.suse.com/show_bug.cgi?id=1250976
* https://bugzilla.suse.com/show_bug.cgi?id=1250981
* https://bugzilla.suse.com/show_bug.cgi?id=1251044
* https://bugzilla.suse.com/show_bug.cgi?id=1251138
* https://bugzilla.suse.com/show_bug.cgi?id=1251995
* https://bugzilla.suse.com/show_bug.cgi?id=1253004
* https://bugzilla.suse.com/show_bug.cgi?id=1253174
* https://bugzilla.suse.com/show_bug.cgi?id=1253282
* https://bugzilla.suse.com/show_bug.cgi?id=1253347
* https://bugzilla.suse.com/show_bug.cgi?id=1253659
* https://bugzilla.suse.com/show_bug.cgi?id=1253738
* https://bugzilla.suse.com/show_bug.cgi?id=1253966
* https://bugzilla.suse.com/show_bug.cgi?id=1254478
* https://bugzilla.suse.com/show_bug.cgi?id=1255340
* https://bugzilla.suse.com/show_bug.cgi?id=1255588
* https://bugzilla.suse.com/show_bug.cgi?id=1255781
* https://jira.suse.com/browse/MSQA-1040
* https://jira.suse.com/browse/PED-13824
* https://jira.suse.com/browse/PED-14971
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20260225/836b9d1f/attachment.htm>
More information about the sle-security-updates
mailing list