SUSE-SU-2026:1140-1: important: Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

SLE-SECURITY-UPDATES null at suse.de
Mon Mar 30 16:31:47 UTC 2026



# Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1140-1  
Release Date: 2026-03-30T09:15:50Z  
Rating: important  
References:

  * bsc#1254256
  * bsc#1254257
  * bsc#1254903
  * bsc#1254904
  * bsc#1254905
  * bsc#1257447
  * bsc#1258015
  * jsc#MSQA-1044

  
Cross-References:

  * CVE-2025-62348
  * CVE-2025-62349
  * CVE-2025-67724
  * CVE-2025-67725
  * CVE-2025-67726

  
CVSS scores:

  * CVE-2025-62348 ( SUSE ):  7.3
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-62348 ( SUSE ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-62348 ( NVD ):  7.3
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-62348 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-62349 ( SUSE ):  7.5
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-62349 ( SUSE ):  6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
  * CVE-2025-62349 ( NVD ):  7.5
    CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-62349 ( NVD ):  6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
  * CVE-2025-67724 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-67724 ( SUSE ):  5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2025-67724 ( NVD ):  5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2025-67724 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2025-67725 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-67725 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67725 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67726 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-67726 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-67726 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 9, RHEL
    and clones

  
  
An update that solves five vulnerabilities, contains one feature and has two
security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

  * Version 5.2.6-0
  * Update translation strings

uyuni-tools:

  * Version 5.2.5-0
  * Remove migrate command
  * Remove template script from mgradm: use the one in the image
  * Split the TFTP server into a separate container
  * Explicitly start proxy pods after operations (bsc#1258015)
  * Adjust mgrctl server filter to work with the new helm chart labels
  * Remove hub register command
  * Remove the Kubernetes install and upgrade from mgrpxy
  * Optimize postgres migration disk space usage (bsc#1257447)

venv-salt-minion:

  * Fix the typo that caused the EL9 bundle to be built without binary dependencies
  * Backport security patches for Salt vendored tornado:
    * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
    * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
    * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
  * CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257)
  * CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 9, RHEL
    and clones  
    zypper in -t patch SUSE-MultiLinuxManagerTools-Beta-EL-9-2026-1140=1

## Package List:

  * SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 9, RHEL
    and clones (aarch64 ppc64le x86_64)
    * golang-github-prometheus-node_exporter-1.9.1-90052.3.2.1
  * SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 9, RHEL
    and clones (aarch64 ppc64le s390x x86_64)
    * mgrctl-5.2.5-90052.4.3.1
    * venv-salt-minion-3006.0-90052.6.3.1
  * SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 9, RHEL
    and clones (noarch)
    * scap-security-guide-redhat-0.1.79-90052.4.2.1
    * mgrctl-zsh-completion-5.2.5-90052.4.3.1
    * spacecmd-5.2.6-90052.4.3.1
    * mgrctl-bash-completion-5.2.5-90052.4.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-62348.html
  * https://www.suse.com/security/cve/CVE-2025-62349.html
  * https://www.suse.com/security/cve/CVE-2025-67724.html
  * https://www.suse.com/security/cve/CVE-2025-67725.html
  * https://www.suse.com/security/cve/CVE-2025-67726.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1254256
  * https://bugzilla.suse.com/show_bug.cgi?id=1254257
  * https://bugzilla.suse.com/show_bug.cgi?id=1254903
  * https://bugzilla.suse.com/show_bug.cgi?id=1254904
  * https://bugzilla.suse.com/show_bug.cgi?id=1254905
  * https://bugzilla.suse.com/show_bug.cgi?id=1257447
  * https://bugzilla.suse.com/show_bug.cgi?id=1258015
  * https://jira.suse.com/browse/MSQA-1044
