<div class="container">
<h1>Security update for amber-cli</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:02769-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-08-12T13:49:39Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1047218">bsc#1047218</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1240511">bsc#1240511</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-30204.html">CVE-2025-30204</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-30204</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-30204</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-30204</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">Server Applications Module 15-SP6</li>
<li class="list-group-item">Server Applications Module 15-SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP7</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and has one security fix can now be installed.</p>
<h2>Description:</h2>
<p>This update for amber-cli fixes the following issues:</p>
<ul>
<li>Update to version 1.13.1+git20250329.c2e3bb8:</li>
<li>CVE-2025-30204: Fixed jwt-go excessive memory
allocation during header parsing (bsc#1240511)</li>
<li>jwt version upgrade (#174)</li>
<li>Update policy size limit to 20k (#173)</li>
<li>Update tenant user model with latest changes (#172)</li>
<li>Fix/workflow (#171)</li>
<li>Upgrade GO version to 1.23.6 (#170)</li>
<li>Update golang jwt dependency (#169)</li>
<li>Update TMS roles struct (#167)</li>
<li>Update jwt dependency version (#165)</li>
<li>Add changes to support JWT (#163)</li>
<li>Update roles struct to be in sync with TMS (#164)</li>
<li>go upgrade to 1.22.7 (#162)</li>
<li>CASSINI-22266: Added permissions in ci workflow files (#153)</li>
<li>Add check for missing Security.md file (#150)</li>
<li>Go version upgrade to 1.22.5 (#148)</li>
<li>CLI changes (#140)</li>
<li>Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147)</li>
<li>Update product model to include multiple plan IDs (#146)</li>
<li>Updated the help section (#145)</li>
<li>Mark policy type field as not required (#144)</li>
<li>Upgrade/goversion 1.22.3 (#143)</li>
<li>Remove policy type and attestation type check for policy creation (#142)</li>
<li>Go version upgrade 1.22.2 (#141)</li>
<li>Fix error message to include the correct set of characters (#138)</li>
<li>UT coverage 80.9% (#137)</li>
<li>Fix push installer workflow (#136)</li>
<li>3rd party versions upgrade (#133)</li>
<li>GO version upgrade to 1.22.0 (#132)</li>
<li>Fix/go version 1.21.6 (#127)</li>
<li>Update API key validation regex as per latest changes (#125)</li>
<li>Update API key validation regex as per latest changes (#124)</li>
<li>dependency version upgrade (#123)</li>
<li>Update tag create model (#121)</li>
<li>CASSINI-10113: Add scans in CI (#99)</li>
<li>corrected minor check condition (#120)</li>
<li>Add check to validate env variable before setting (#119)</li>
<li>Add version-check script (#118)</li>
<li>Add file path check for invalid characters (#116)</li>
<li>Update compoenent version (#117)</li>
<li>Update README as per suggestions (#113) (#115)</li>
<li>Added HTTP scheme validation to avoid API Key leakage (#108)</li>
<li>CASSINI-10987 Golang version upgrade to 1.21.4 (#114)</li>
<li>Update policy model as per the latest changes (#109)</li>
<li>Remove branch info from on schedule (#106)</li>
<li>Add BDBA scan to CI (#104)</li>
<li>Update CLI URL (#105)</li>
<li>updated licenses (#102)</li>
<li>Updated version of all components to v1.0.0 for GA (#100)</li>
<li>Validate the email id input before requesting list of users (#98)</li>
<li>Remove redundant print statements (#97)</li>
<li>Request ID and trace ID should be visible on the console for errors as well (#96)</li>
<li>Update sample policy as per token profile update changes (#95)</li>
<li>Update CLI name from tenantclt to inteltrustauthority (#93)</li>
<li>Update the headers for request and trace id (#94)</li>
<li>cassini-9466-Go version update to 1.20.6 (#91)</li>
<li>Add retry logic to client in tenant CLI (#92)</li>
<li>
<p>Add request-id optional parameter for each command (#90)</p>
</li>
<li>
<p>Override build date with SOURCE_DATE_EPOCH (bsc#1047218)</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch SUSE-2025-2769=1 openSUSE-SLE-15.6-2025-2769=1</code>
</li>
<li class="list-group-item">
Server Applications Module 15-SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2769=1</code>
</li>
<li class="list-group-item">
Server Applications Module 15-SP7
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2769=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1</li>
</ul>
</li>
<li>
Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
<ul>
<li>amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1</li>
</ul>
</li>
<li>
Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
<ul>
<li>amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-30204.html">https://www.suse.com/security/cve/CVE-2025-30204.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1047218">https://bugzilla.suse.com/show_bug.cgi?id=1047218</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1240511">https://bugzilla.suse.com/show_bug.cgi?id=1240511</a>
</li>
</ul>
</div>