SUSE-SU-2026:1031-1: important: Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail
SLE-SECURITY-UPDATES
null at suse.de
Wed Mar 25 16:33:28 UTC 2026
# Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail
Announcement ID: SUSE-SU-2026:1031-1
Release Date: 2026-03-25T10:19:43Z
Rating: important
References:
* bsc#1213308
* bsc#1214568
* bsc#1214569
* bsc#1216711
* bsc#1217755
* bsc#1220899
* bsc#1221950
* bsc#1223368
* bsc#1227577
* bsc#1227579
* bsc#1228577
* bsc#1230876
* bsc#1232125
* bsc#1233496
* bsc#1236066
* bsc#1236799
* bsc#1237536
* bsc#1238481
* bsc#1239636
* bsc#1240565
* bsc#1241013
* bsc#1243241
* bsc#1243679
* bsc#1243768
* bsc#1243808
* bsc#1243876
* bsc#1243881
* bsc#1244177
* bsc#1244542
* bsc#1244648
* bsc#1244724
* bsc#1245241
* bsc#1245307
* bsc#1245405
* bsc#1245766
* bsc#1246421
* bsc#1246981
* bsc#1247038
* bsc#1248741
* bsc#1248804
* bsc#1249502
* bsc#1251864
* bsc#1251995
* bsc#1252937
* bsc#1253024
* bsc#1253068
* bsc#1253158
* bsc#1253322
* bsc#1253501
* bsc#1253773
* bsc#1255298
* bsc#1257538
* jsc#MSQA-1046
* jsc#SUMA-406
Cross-References:
* CVE-2024-29371
CVSS scores:
* CVE-2024-29371 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-29371 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-29371 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5
An update that solves one vulnerability, contains two features and has 51
security fixes can now be installed.
## Recommended update 4.3.17 for Multi-Linux Manager Proxy and Retail Branch
Server LTS
### Description:
This update fixes the following issues:
mgr-cfg:
* Version 4.3.7-0
* Non-customer-facing optimization and update
mgr-custom-info:
* Version 4.3.4-0
* Non-customer-facing optimization and update
mgr-daemon:
* Version 4.3.13-0
* Update translation strings
mgr-osad:
* Version 4.3.8-0
* Non-customer-facing optimization and update
mgr-push:
* Version 4.3.7-0
* Non-customer-facing optimization and update
rhnlib:
* Version 4.3.8-0
* Use more secure defusedxml parser (bsc#1227577)
spacecmd:
* Version 4.3.32-0
* Make caching code Py 2.7 compatible
* Python 2.7 cannot re-raise exceptions
* Make spacecmd to work with Python 3.12 and higher
* Call print statements properly in Python 3
* Convert cached IDs to int (bsc#1251995)
* Use JSON instead of pickle for spacecmd cache (bsc#1227579)
spacewalk-backend:
* Version 4.3.35-0
* Prevent authentication issues with traditional stack (bsc#1253068)
* Fix parameter error when syncing product repositories in ISS v1
(bsc#1244724)
* Fix fetching the mirrorlist with a ca bundle which include only the
intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241).
* Use more secure defusedxml parser (bsc#1227577)
spacewalk-certs-tools:
* Version 4.3.27-0
* Non-customer-facing optimization and update
spacewalk-client-tools:
* Version 4.3.24-0
* Update translation strings
spacewalk-proxy:
* Version 4.3.21-0
* Non-customer-facing optimization and update
spacewalk-proxy-docs:
* Version 4.3.2-0
* Non-customer-facing optimization and update
spacewalk-proxy-html:
* Version 4.3.4-0
* Non-customer-facing optimization and update
spacewalk-proxy-installer:
* Version 4.3.13-0
* Configure squid replacement policy properly before cache dir (bsc#1253773)
spacewalk-setup-jabberd:
* Version 4.3.2-0
* Non-customer-facing optimization and update
spacewalk-ssl-cert-check:
* Version 4.3.4-0
* Non-customer-facing optimization and update
spacewalk-web:
* Version 4.3.48-0
* Fix broken CVE links in CVE audit page.
* Fix bug: confirmation message missing when assigning channel to minion
(bsc#1236799)
* Fix URL to salt formular documentation (bsc#1248741)
supportutils-plugin-susemanager-client:
* Version 4.3.6-0
* Non-customer-facing optimization and update
suseRegisterInfo:
* Version 4.3.4-0
* Non-customer-facing optimization and update
uyuni-base:
* Version 4.3.3-0
* Non-customer-facing optimization and update
uyuni-proxy-systemd-services:
* Version 4.3.19-0
* Updated for SUSE Manager 4.3.17
How to apply this update:
1. Log in as root user to the SUSE Multi-Linux Manager Proxy or Retail Branch Server LTS.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`
## Security update 4.3.17 for Multi-Linux Manager Server LTS
### Description:
This update fixes the following issues:
cobbler:
* Fix "test_grubimage_run" on Uyuni and SUSE Multi-Linux Manager test
containers
inter-server-sync:
* Version 0.3.10-0
* Write log to a rotated file without rsyslog and logrotate
* Recreate cobbler entries on the import (bsc#1220899)
* remove support for 4.2 file based pillars
* use correct hostname detection for 5.x servers (bsc#1253322)
* Version 0.3.9-0
* Do not export autogenerated identity column (bsc##1244648)
* Version 0.3.8-0
* Rename suseproductsccrepository to susechanneltemplate (bsc#1244648)
* Allow skipping changelog export (bsc#1245307)
* Add options to specify xmlRpcPassword via file path or stdin
jose4j:
* CVE-2024-29371: Safeguard against excessive resource utilization by
restricting the size of data during JWE payload decompression (bsc#1255298)
liberate-formula:
* Version 0.1.1
* fix installation for liberty 7 (bsc#1246981)
* Change reinstall parameter default value to false
mgr-osad:
* Version 4.3.8-0
* Non-customer-facing optimization and update
mgr-push:
* Version 4.3.7-0
* Non-customer-facing optimization and update
perl-Satcon:
* Version 4.3.3-0
* Non-customer-facing optimization and update
prometheus-exporters-formula:
* Version 1.4.2
* Allow only node exporter on transactional systems (bsc#1244542)
prometheus-formula:
* Version 0.9.0
* Check for supported distributions (bsc#1243876)
* Fix checking Prometheus package version
rhnlib:
* Version 4.3.8-0
* Use more secure defusedxml parser (bsc#1227577)
spacecmd:
* Version 4.3.32-0
* Make caching code Py 2.7 compatible
* Python 2.7 cannot re-raise exceptions
* Make spacecmd to work with Python 3.12 and higher
* Call print statements properly in Python 3
* Convert cached IDs to int (bsc#1251995)
* Use JSON instead of pickle for spacecmd cache (bsc#1227579)
spacewalk:
* Version 4.3.7-0
* Non-customer-facing optimization and update
spacewalk-admin:
* Version 4.3.15-0
* Correctly handles http proxy empty passwords (bsc#1249502)
spacewalk-backend:
* Version 4.3.35-0
* Prevent authentication issues with traditional stack (bsc#1253068)
* Fix parameter error when syncing product repositories in ISS v1
(bsc#1244724)
* Fix fetching the mirrorlist with a ca bundle which include only the
intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241).
* Use more secure defusedxml parser (bsc#1227577)
spacewalk-branding:
* Version 4.3.6-0
* Non-customer-facing optimization and update
spacewalk-certs-tools:
* Version 4.3.27-0
* Non-customer-facing optimization and update
spacewalk-client-tools:
* Version 4.3.24-0
* Update translation strings
spacewalk-config:
* Version 4.3.17-0
* Non-customer-facing optimization and update
spacewalk-java:
* Version 4.3.90-0
* Fix reposync crashing at metadata generation (bsc#1257538)
* Version 4.3.89-0
* Delay highstate during bootstrap to run it after the initial minimal state
(bsc#1240565)
* add proxy option to provisionSystem API (bsc#1232125)
* Fix dnf updateinfo showing wrong severity for security updates (bsc#1252937)
* Display correct advisory link by using an errata advisory map (bsc#1243808)
* Improve hibernate object creation for ServerPath (bsc#1243881)
* Prevent printing user input in traceback logs and mails (bsc#1239636)
* Send CPU architecture specific data to SCC (jsc#SUMA-406)
* Fix broken CVE links in CVE audit page.
* Fix http proxy verification (bsc#1253501)
* Fix: Broken URL in API docs (bsc#1244177)
* Correctly handles http proxy empty passwords (bsc#1249502)
* Ensure null safety when converting from proxy paths to host names
(bsc#1237536)
* Use the correct identifier to map the salt migration result
* Succeed liberate product migration also when reinstall packages is disabled
(bsc#1248804)
* Prioritize beacon data for regular minion reboot status (bsc#1245405)
spacewalk-reports:
* Version 4.3.6-0
* Non-customer-facing optimization and update
spacewalk-search:
* Version 4.3.12-0
* Non-customer-facing optimization and update
spacewalk-setup:
* Version 4.3.20-0
* Non-customer-facing optimization and update
spacewalk-setup-jabberd:
* Version 4.3.2-0
* Non-customer-facing optimization and update
spacewalk-utils:
* Version 4.3.25-0
* Non-customer-facing optimization and update
spacewalk-web:
* Version 4.3.48-0
* Fix broken CVE links in CVE audit page.
* Fix bug: confirmation message missing when assigning channel to minion
(bsc#1236799)
* Fix URL to salt formular documentation (bsc#1248741)
supportutils-plugin-susemanager:
* Version 4.3.16-0
* Non-customer-facing optimization and update
suseRegisterInfo:
* Version 4.3.4-0
* Non-customer-facing optimization and update
susemanager:
* Version 4.3.43-0
* Added missing bootrap repository definition for OES 24.4 (bsc#1241013)
susemanager-docs_en:
* Removed CIS from list of supported OpenSCAP profiles
* Fixed the incorrect path in Administration Guide (bsc#1221950)
* Corrected the reactivation key varaible name (bsc#1253158)
* Improved CLM procedure in Adminstration Guide (bsc#1230876)
* Added commands to server migration procedures in Installation and Upgrade
Guide (bsc#1214569)
* Clarified requirement for PAYG in Installation and Upgrade Guide
(bsc#1236066)
* Added information for proxy migration to Installation and Upgrade Guide
(bsc#1214568)
* Added reference to dry run documentation (bsc#1223368)
* Added information about requesting access to PTFs (bsc#1213308)
* Added lang support for new shared header to html outputs
* Added shared header styles for documentation.suse.com
* Removed Ubuntu 20.04 from the list supported clients in Client Configuration
Guide (bsc#1238481)
* Fixed output box with grep command in LTS section in Installation and
Upgrade Guide (bsc#1247038)
* Added procedure to reregister client behind a proxy after renaming the
server (bsc#1245766)
* Fixed the admonition in Client Configuration Guide (bsc#1233496)
* Reorganised files for better visibility of differences between AutoYaST and
Kickstart profiles (bsc#1217755)
* Fixed command for public cloud module in Installation and Upgrade Guide
(bsc#1216711)
* Removed obsolete command from Administration Guide (bsc#1228577)
* Renamed parameter in Specialized Guides (bsc#1245241)
susemanager-schema:
* Version 4.3.30-0
* Store CPU architecture specific data (jsc#SUMA-406)
* Creation of table suseErrataAdvisoryMap and added errata-advisory-map-sync
taskomatic job fixing bug (bsc#1243808)
susemanager-sls:
* Version 4.3.53-0
* Automatically deploy IBM GPG keys to SUSE minions (bsc#1246421)
* Succeed liberate product migration also when reinstall packages is disabled
(bsc#1248804)
* Adjust sls files for python311-kiwi (bsc#1251864)(bsc#1253024)
* Collect CPU architecture specific data on hardware profile update
(jsc#SUMA-406)
susemanager-tftpsync:
* Version 4.3.5-0
* Use TLS in sync_post_tftpd_proxies (bsc#1243679)
* Refuse files with shell characters (bsc#1243768)
uyuni-base:
* Version 4.3.3-0
* Non-customer-facing optimization and update
How to apply this update:
1. Log in as root user to the SUSE Multi-Linux Manager Server LTS.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Recommended update for uyuni-proxy-systemd-services
### Description:
This update fixes the following issues:
uyuni-proxy-systemd-services:
* Version 4.3.19-0
* Update for SUSE Manager 4.3.17
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2026-1031=1
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1031=1
## Package List:
* SUSE Manager Client Tools for SLE 15 (noarch)
* uyuni-proxy-systemd-services-4.3.19-150000.1.40.2
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* uyuni-proxy-systemd-services-4.3.19-150000.1.40.2
## References:
* https://www.suse.com/security/cve/CVE-2024-29371.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213308
* https://bugzilla.suse.com/show_bug.cgi?id=1214568
* https://bugzilla.suse.com/show_bug.cgi?id=1214569
* https://bugzilla.suse.com/show_bug.cgi?id=1216711
* https://bugzilla.suse.com/show_bug.cgi?id=1217755
* https://bugzilla.suse.com/show_bug.cgi?id=1220899
* https://bugzilla.suse.com/show_bug.cgi?id=1221950
* https://bugzilla.suse.com/show_bug.cgi?id=1223368
* https://bugzilla.suse.com/show_bug.cgi?id=1227577
* https://bugzilla.suse.com/show_bug.cgi?id=1227579
* https://bugzilla.suse.com/show_bug.cgi?id=1228577
* https://bugzilla.suse.com/show_bug.cgi?id=1230876
* https://bugzilla.suse.com/show_bug.cgi?id=1232125
* https://bugzilla.suse.com/show_bug.cgi?id=1233496
* https://bugzilla.suse.com/show_bug.cgi?id=1236066
* https://bugzilla.suse.com/show_bug.cgi?id=1236799
* https://bugzilla.suse.com/show_bug.cgi?id=1237536
* https://bugzilla.suse.com/show_bug.cgi?id=1238481
* https://bugzilla.suse.com/show_bug.cgi?id=1239636
* https://bugzilla.suse.com/show_bug.cgi?id=1240565
* https://bugzilla.suse.com/show_bug.cgi?id=1241013
* https://bugzilla.suse.com/show_bug.cgi?id=1243241
* https://bugzilla.suse.com/show_bug.cgi?id=1243679
* https://bugzilla.suse.com/show_bug.cgi?id=1243768
* https://bugzilla.suse.com/show_bug.cgi?id=1243808
* https://bugzilla.suse.com/show_bug.cgi?id=1243876
* https://bugzilla.suse.com/show_bug.cgi?id=1243881
* https://bugzilla.suse.com/show_bug.cgi?id=1244177
* https://bugzilla.suse.com/show_bug.cgi?id=1244542
* https://bugzilla.suse.com/show_bug.cgi?id=1244648
* https://bugzilla.suse.com/show_bug.cgi?id=1244724
* https://bugzilla.suse.com/show_bug.cgi?id=1245241
* https://bugzilla.suse.com/show_bug.cgi?id=1245307
* https://bugzilla.suse.com/show_bug.cgi?id=1245405
* https://bugzilla.suse.com/show_bug.cgi?id=1245766
* https://bugzilla.suse.com/show_bug.cgi?id=1246421
* https://bugzilla.suse.com/show_bug.cgi?id=1246981
* https://bugzilla.suse.com/show_bug.cgi?id=1247038
* https://bugzilla.suse.com/show_bug.cgi?id=1248741
* https://bugzilla.suse.com/show_bug.cgi?id=1248804
* https://bugzilla.suse.com/show_bug.cgi?id=1249502
* https://bugzilla.suse.com/show_bug.cgi?id=1251864
* https://bugzilla.suse.com/show_bug.cgi?id=1251995
* https://bugzilla.suse.com/show_bug.cgi?id=1252937
* https://bugzilla.suse.com/show_bug.cgi?id=1253024
* https://bugzilla.suse.com/show_bug.cgi?id=1253068
* https://bugzilla.suse.com/show_bug.cgi?id=1253158
* https://bugzilla.suse.com/show_bug.cgi?id=1253322
* https://bugzilla.suse.com/show_bug.cgi?id=1253501
* https://bugzilla.suse.com/show_bug.cgi?id=1253773
* https://bugzilla.suse.com/show_bug.cgi?id=1255298
* https://bugzilla.suse.com/show_bug.cgi?id=1257538
* https://jira.suse.com/browse/MSQA-1046
* https://jira.suse.com/browse/SUMA-406
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20260325/f610184b/attachment.htm>
More information about the sle-security-updates
mailing list