From null at suse.de Fri Feb 13 22:35:54 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Fri, 13 Feb 2026 22:35:54 -0000 Subject: SUSE-RU-2026:0502-1: important: Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Message-ID: <177102215404.18695.8053910986382899987@smelt2.prg2.suse.org> # Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:0502-1 Release Date: 2026-02-13T13:25:18Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1250940 * bsc#1253659 * bsc#1254154 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#MSQA-1043 Affected Products: * SUSE Multi-Linux Manager Beta Client Tools for Debian 12 An update that contains one feature and has 11 fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 5.2.5-0 * Fix spacecmd binary file upload (bsc#1253659) uyuni-tools: * Version 5.2.4-0 * Fix images handling in mgrpxy support ptf (bsc#1250940) * Ssl Key file can miss if CA password is blank (bsc#1254154) * Bump golang to 1.24 * Move the SSL???checks at the begining of the migration * Support config command parse correctly supportconfig output (bsc#1255781) * Remove kubernetes code for the mgrdam * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Use single universal image to migrate between postgresql versions venv-salt-minion: * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Drop dependency on saltbundlepy-apt * Speed up wheel key.finger call (bsc#1240532) * Add security patches (bsc#1254903,bsc#1254905,bsc#1254904) * Simplify and speed up utils.find_json function (bsc#1246130) * include-deb * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Beta Client Tools for Debian 12 zypper in -t patch SUSE-MultiLinuxManagerTools-Beta-Debian-12-2026-502=1 ## Package List: * SUSE Multi-Linux Manager Beta Client Tools for Debian 12 (all) * mgrctl-bash-completion-5.2.4-2.6.2 * mgrctl-fish-completion-5.2.4-2.6.2 * spacecmd-5.2.5-2.6.2 * mgrctl-zsh-completion-5.2.4-2.6.2 * SUSE Multi-Linux Manager Beta Client Tools for Debian 12 (amd64 arm64) * venv-salt-minion-3006.0-2.6.5 * mgrctl-5.2.4-2.6.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1043 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Feb 13 22:36:04 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Fri, 13 Feb 2026 22:36:04 -0000 Subject: SUSE-RU-2026:0501-1: important: Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Message-ID: <177102216431.18695.11639915242094738997@smelt2.prg2.suse.org> # Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:0501-1 Release Date: 2026-02-13T13:24:28Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1250940 * bsc#1253659 * bsc#1254154 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#MSQA-1043 Affected Products: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 24.04 2404 An update that contains one feature and has 11 fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 5.2.5-0 * Fix spacecmd binary file upload (bsc#1253659) uyuni-tools: * Version 5.2.4-0 * Fix images handling in mgrpxy support ptf (bsc#1250940) * Ssl Key file can miss if CA password is blank (bsc#1254154) * Bump golang to 1.24 * Move the SSL checks at the begining of the migration * Support config command parse correctly supportconfig output (bsc#1255781) * Remove kubernetes code for the mgrdam * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Use single universal image to migrate between postgresql versions venv-salt-minion: * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Drop dependency on saltbundlepy-apt * Speed up wheel key.finger call (bsc#1240532) * Add security patches (bsc#1254903,bsc#1254905,bsc#1254904) * Simplify and speed up utils.find_json function (bsc#1246130) * include-deb * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 24.04 2404 zypper in -t patch SUSE-MultiLinuxManagerTools-Beta-Ubuntu-24.04-2026-501=1 ## Package List: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 24.04 2404 (all) * mgrctl-bash-completion-5.2.4-2.6.2 * mgrctl-fish-completion-5.2.4-2.6.2 * spacecmd-5.2.5-2.6.2 * mgrctl-zsh-completion-5.2.4-2.6.2 * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 24.04 2404 (amd64) * venv-salt-minion-3006.0-2.6.2 * mgrctl-5.2.4-2.6.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1043 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Feb 13 22:36:14 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Fri, 13 Feb 2026 22:36:14 -0000 Subject: SUSE-RU-2026:0500-1: important: Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Message-ID: <177102217462.18695.244605998103077186@smelt2.prg2.suse.org> # Recommended Beta update 5.2.0 Alpha2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:0500-1 Release Date: 2026-02-13T13:23:47Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1250940 * bsc#1253659 * bsc#1254154 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#MSQA-1043 Affected Products: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 22.04 2204 An update that contains one feature and has 11 fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 5.2.5-0 * Fix spacecmd binary file upload (bsc#1253659) uyuni-tools: * Version 5.2.4-0 * Fix images handling in mgrpxy support ptf (bsc#1250940) * Ssl Key file can miss if CA password is blank (bsc#1254154) * Bump golang to 1.24 * Move the SSL checks at the begining of the migration * Support config command parse correctly supportconfig output (bsc#1255781) * Remove kubernetes code for the mgrdam * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Use single universal image to migrate between postgresql versions venv-salt-minion: * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Drop dependency on saltbundlepy-apt * Speed up wheel key.finger call (bsc#1240532) * Add security patches (bsc#1254903,bsc#1254905,bsc#1254904) * Simplify and speed up utils.find_json function (bsc#1246130) * include-deb * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 22.04 2204 zypper in -t patch SUSE-MultiLinuxManagerTools-Beta-Ubuntu-22.04-2026-500=1 ## Package List: * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 22.04 2204 (all) * spacecmd-5.2.5-2.6.3 * mgrctl-bash-completion-5.2.4-2.6.3 * mgrctl-zsh-completion-5.2.4-2.6.3 * mgrctl-fish-completion-5.2.4-2.6.3 * SUSE Multi-Linux Manager Beta Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-2.6.2 * mgrctl-5.2.4-2.6.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1043 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:30:57 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:30:57 -0000 Subject: SUSE-RU-2026:0634-1: important: Recommended update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203705764.25.15864511986630421418@1822608de31d> # Recommended update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:0634-1 Release Date: 2026-02-25T09:50:28Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249434 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#ECO-3319 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 An update that solves three vulnerabilities, contains two features and has 24 fixes can now be installed. ## Description: This update fixes the following issues: scap-security-guide: * Updated to 0.1.79 (jsc#ECO-3319) * Add rhcos4 Profile for BSI Grundschutz * Create SLE15 general profile * Remove OCP STIG V1R1 * Remove OCP STIG V2R1 * Various updates for SLE 12/15 * Updated to 0.1.78 (jsc#ECO-3319) * Enable SCE content for problematic rules that can traverse the whole filesystem * Remove unnecessary Jinja2 macros in control files * Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5 * Add Debian 13 profile for ANSSI BP 28 (enhanced) * Create SLEM5 General profile * Create SL Micro 6 product and general profile * Update SLE15 STIG version to V2R5 * Update SLE12 STIG version to V3R3 * Update SLEM5 STIG version to V1R2 * Removed the CIS profiles from all products and from the tarball spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) * Version 5.1.23-0 * Update the default tag to 5.1.1.1 * Version 5.1.22-0 * Fix cobbler config migration to standalone files * Fix generated DB certificate subject alternate names * Version 5.1.21-0 * Remove extraneous quotes when getting the running image (bsc#1249434) venv-salt-minion: * Backported security patches for Salt vendored tornado: * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904) * Made syntax in httputil_test compatible with Python 3.6 * Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Improved utils.find_json function (bsc#1246130) * Extended warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-22.04-2026-634=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (all) * mgrctl-zsh-completion-5.1.24-220402.3.12.2 * spacecmd-5.1.12-220402.3.12.3 * mgrctl-bash-completion-5.1.24-220402.3.12.2 * scap-security-guide-ubuntu-0.1.79-220402.2.9.3 * mgrctl-fish-completion-5.1.24-220402.3.12.2 * SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-220402.3.15.3 * mgrctl-5.1.24-220402.3.12.2 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249434 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/ECO-3319 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:31:39 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:31:39 -0000 Subject: SUSE-SU-2026:0633-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203709920.25.17195009664335371278@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0633-1 Release Date: 2026-02-25T09:49:32Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249434 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 An update that solves three vulnerabilities, contains one feature and has 24 security fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) * Version 5.1.23-0 * Update the default tag * Version 5.1.22-0 * Fix cobbler config migration to standalone files * Fix generated DB certificate subject alternate names * Version 5.1.21-0 * Remove extraneous quotes when getting the running image (bsc#1249434) venv-salt-minion: * Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Simplify and speed up utils.find_json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-24.04-2026-633=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (all) * spacecmd-5.1.12-240402.3.17.3 * mgrctl-zsh-completion-5.1.24-240402.3.12.2 * mgrctl-bash-completion-5.1.24-240402.3.12.2 * mgrctl-fish-completion-5.1.24-240402.3.12.2 * SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (amd64) * venv-salt-minion-3006.0-240402.3.15.3 * mgrctl-5.1.24-240402.3.12.2 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249434 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:32:20 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:32:20 -0000 Subject: SUSE-RU-2026:0632-1: important: Recommended update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203714070.25.12442689729627015906@1822608de31d> # Recommended update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:0632-1 Release Date: 2026-02-25T09:48:37Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249434 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for Debian 12 An update that solves three vulnerabilities, contains one feature and has 24 fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename (bsc#1250981) * Add SSL secrets to the db setup container during migration (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) * Version 5.1.23-0 * Update the default tag * Version 5.1.22-0 * Fix cobbler config migration to standalone files * Fix generated DB certificate subject alternate names * Version 5.1.21-0 * Remove extraneous quotes when getting the running image (bsc#1249434) venv-salt-minion: * Backported security patches for Salt vendored tornado: * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904) * Made syntax in httputil_test compatible with Python 3.6 * Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Improved utils.find_json function (bsc#1246130) * Extended warn_until period to 2027json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for Debian 12 zypper in -t patch SUSE-MultiLinuxManagerTools-Debian-12-2026-632=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for Debian 12 (all) * mgrctl-zsh-completion-5.1.24-120002.3.14.1 * mgrctl-fish-completion-5.1.24-120002.3.14.1 * spacecmd-5.1.12-120002.3.14.1 * mgrctl-bash-completion-5.1.24-120002.3.14.1 * SUSE Multi-Linux Manager Client Tools for Debian 12 (amd64 arm64) * mgrctl-5.1.24-120002.3.14.1 * venv-salt-minion-3006.0-120002.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249434 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:32:30 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:32:30 -0000 Subject: SUSE-SU-2026:0631-1: important: Security update 5.1.2 for Multi-Linux Manager Salt Bundle Message-ID: <177203715096.25.16003295292667389721@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:0631-1 Release Date: 2026-02-25T09:47:25Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1254325 * bsc#1254903 * bsc#1254904 * bsc#1254905 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves three vulnerabilities, contains one feature and has three security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Backported security patches for Salt vendored tornado: * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904) * Made syntax in httputil_test compatible with Python 3.6 * Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Improved utils.find_json function (bsc#1246130) * Extended warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-631=1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-631=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.9.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:33:09 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:33:09 -0000 Subject: SUSE-SU-2026:0630-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203718915.25.5274851851397944467@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0630-1 Release Date: 2026-02-25T09:46:13Z Rating: important References: * bsc#1227579 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253004 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254478 * bsc#1255340 * bsc#1255588 * bsc#1255781 * jsc#MSQA-1040 * jsc#PED-13824 * jsc#PED-14971 Cross-References: * CVE-2025-12816 * CVE-2025-68156 CVSS scores: * CVE-2025-12816 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-12816 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves two vulnerabilities, contains three features and has 21 security fixes can now be installed. ## Description: This update fixes the following issues: dracut-saltboot: * Update to version 1.1.0 * Retry DHCP requests up to 3 times (bsc#1253004) golang-github-QubitProducts-exporter_exporter: * Non-customer-facing optimization around source building golang-github-boynux-squid_exporter: * Update to version 1.13.0 (jsc#PED-14971) * Add support for squid-internal-mgr path for metrics. * Update to version 1.12.0 * Add TLS and basic authentication support for the web interface. * Update to version 1.11.0 * Allow adding custom labels to all metrics. * Update to version 1.10.0 * Add ability to configure the exporter using environment variables. * Add support for Squid 6 * Add `squid_up` metric * Add `squid_scrape_duration_seconds` metric * Add `squid_scrape_error` metric * Update to version 1.9.0 * Add `process_open_fds` metric to monitor open file descriptors. * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Update to version 1.8.0 * Add various service time metrics to provide more detailed performance data. * Update to version 1.7.0 * Add support for basic authentication against the Squid proxy. * Fix `squid_client_http_requests_total` metric * Upstream changes for v1.9.0: * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Upstream changes for v1.8.0: * Add various service time metrics to provide more detailed performance data. * Upstream changes for v1.7.0: Squid proxy.Update to version 1.10.0 * Add ability to configure the exporter using environment variables. * Add `process_open_fds` metric to monitor open file descriptors. * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Add various service time metrics to provide more detailed performance data. * Add support for basic authentication against the Squid proxy. * Use current distro go default version. Use auto-versioning on SUSE as well. golang-github-lusitaniae-apache_exporter: * Build without apparmor for openSUSE Leap 16, SLES 16 or newer * Require Go 1.23 for building * Update to version 1.0.10 * Update github.com/prometheus/client_golang to 1.21.1 * Update github.com/prometheus/common to 0.63.0 * Update github.com/prometheus/exporter-toolkit to 0.14.0 * Update to version 1.0.9 * Update github.com/prometheus/client_golang to 1.20.4 * Update github.com/prometheus/common to 0.59.1 * Update github.com/prometheus/exporter-toolkit to 0.13.0 * Migrate logging to log/slog * Fix signal handler logging golang-github-prometheus-alertmanager: * Non-customer-facing optimization around source building golang-github-prometheus-node_exporter: * Non-customer-facing optimization around source building golang-github-prometheus-prometheus: * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) * Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release. * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver. * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag. * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB). * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations. * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page. * Update to 3.4.0: * [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. * [FEATURE] Native histograms are now a stable, but optional feature. * [FEATURE] UI: Show detailed relabeling steps for each discovered target. * [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup. * Update to 3.3.0: * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x. * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed. * Update to 3.2.0: * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. * Update to 3.1.0: * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). * [BUGFIX] Mixin: Add static UID to the remote-write dashboard. * Update to 3.0.1: * [BUGFIX] Promql: Make subqueries left open. * [BUGFIX] Fix memory leak when query log is enabled. * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint. * Update to 3.0.0: This release includes new features such as a brand new UI and UTF-8 support enabled by default. * [CHANGE] Deprecated feature flags removed. * [FEATURE] New UI. * [FEATURE] Remote Write 2.0. * [FEATURE] OpenTelemetry Support. * [FEATURE] UTF-8 support is now stable and enabled by default. * [FEATURE] OTLP Ingestion. * [FEATURE] Native Histograms. * [BUGFIX] PromQL: Fix count_values for histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] UI: Fix selector / series formatting for empty metric names. * Update to 2.55.0: * [FEATURE] PromQL: Add `last_over_time` function. * [FEATURE] Agent: Add `prometheus_agent_build_info` metric. * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`. * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks. * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times. * Update to 2.54.0: This release brings a release candidate of a major new version of Remote Write: 2.0. * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0. * [CHANGE] API: Split warnings from info annotations in API response. * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag. * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators. * [ENHANCEMENT] PromQL: Accept underscores in literal numbers. * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental). * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions. * [BUGFIX] PromQL: Fix various issues with native histograms. * [BUGFIX] OTLP receiver: Allow colons in non-standard units. grafana: * CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340) mgr-push: * Version 5.1.5-0 * Non-customer-facing optimization and update prometheus-blackbox_exporter: * Non-customer-facing optimization and update rhnlib: * Version 5.1.4-0 * Non-customer-facing optimization and update spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions spacewalk-client-tools: * Version 5.1.8-0 * Non-customer-facing optimization and update supportutils-plugin-susemanager-client: * Version 5.1.5-0 * Non-customer-facing optimization and update uyuni-common-libs: * Version 5.1.5-0 * Non-customer-facing optimization and update uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-630=1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-630=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 15 (noarch) * python3-spacewalk-client-tools-5.1.8-150002.3.6.1 * dracut-saltboot-1.1.0-150002.3.6.1 * mgrctl-zsh-completion-5.1.24-150002.3.9.1 * mgrctl-bash-completion-5.1.24-150002.3.9.1 * supportutils-plugin-susemanager-client-5.1.5-150002.3.6.1 * spacewalk-client-tools-5.1.8-150002.3.6.1 * mgr-push-5.1.5-150002.3.6.2 * spacecmd-5.1.12-150002.3.6.1 * mgrctl-lang-5.1.24-150002.3.9.1 * python3-mgr-push-5.1.5-150002.3.6.2 * python3-rhnlib-5.1.4-150002.3.6.1 * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * grafana-11.5.10-150002.4.9.1 * golang-github-prometheus-alertmanager-0.28.1-150002.4.6.1 * golang-github-QubitProducts-exporter_exporter-0.4.0-150002.3.3.1 * golang-github-prometheus-prometheus-debuginfo-3.5.0-150002.3.3.1 * prometheus-blackbox_exporter-0.26.0-150002.3.3.1 * firewalld-prometheus-config-0.1-150002.3.3.1 * golang-github-prometheus-prometheus-3.5.0-150002.3.3.1 * mgrctl-5.1.24-150002.3.9.1 * golang-github-lusitaniae-apache_exporter-1.0.10-150002.3.3.1 * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-150002.3.3.1 * golang-github-prometheus-node_exporter-1.9.1-150002.3.3.1 * golang-github-prometheus-node_exporter-debuginfo-1.9.1-150002.3.3.1 * mgrctl-debuginfo-5.1.24-150002.3.9.1 * python3-uyuni-common-libs-5.1.5-150002.3.3.1 * golang-github-boynux-squid_exporter-debuginfo-1.13.0-150002.3.3.1 * golang-github-prometheus-alertmanager-debuginfo-0.28.1-150002.4.6.1 * grafana-debuginfo-11.5.10-150002.4.9.1 * golang-github-boynux-squid_exporter-1.13.0-150002.3.3.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * mgrctl-lang-5.1.24-150002.3.9.1 * dracut-saltboot-1.1.0-150002.3.6.1 * mgrctl-zsh-completion-5.1.24-150002.3.9.1 * mgrctl-bash-completion-5.1.24-150002.3.9.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * golang-github-QubitProducts-exporter_exporter-0.4.0-150002.3.3.1 * prometheus-blackbox_exporter-0.26.0-150002.3.3.1 * mgrctl-debuginfo-5.1.24-150002.3.9.1 * golang-github-prometheus-node_exporter-1.9.1-150002.3.3.1 * golang-github-prometheus-node_exporter-debuginfo-1.9.1-150002.3.3.1 * mgrctl-5.1.24-150002.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12816.html * https://www.suse.com/security/cve/CVE-2025-68156.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253004 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1255340 * https://bugzilla.suse.com/show_bug.cgi?id=1255588 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1040 * https://jira.suse.com/browse/PED-13824 * https://jira.suse.com/browse/PED-14971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:33:19 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:33:19 -0000 Subject: SUSE-SU-2026:0629-1: important: Security update 5.1.2 for Multi-Linux Manager Salt Bundle Message-ID: <177203719956.25.4827006809847689454@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:0629-1 Release Date: 2026-02-25T09:45:34Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1254325 * bsc#1254903 * bsc#1254904 * bsc#1254905 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 12 An update that solves three vulnerabilities, contains one feature and has three security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Simplify and speed up utils.find_json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 12 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-12-2026-629=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-120002.5.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:33:53 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:33:53 -0000 Subject: SUSE-SU-2026:0628-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203723395.25.8921323800964457490@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0628-1 Release Date: 2026-02-25T09:44:32Z Rating: important References: * bsc#1227579 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254478 * bsc#1255340 * bsc#1255588 * bsc#1255781 * jsc#MSQA-1040 * jsc#PED-13824 * jsc#PED-14971 Cross-References: * CVE-2025-12816 * CVE-2025-68156 CVSS scores: * CVE-2025-12816 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-12816 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 12 An update that solves two vulnerabilities, contains three features and has 20 security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: * Non-customer-facing optimization around source building golang-github-boynux-squid_exporter: * Update to version 1.13.0 (jsc#PED-14971) * Add support for squid-internal-mgr path for metrics. * Update to version 1.12.0 * Add TLS and basic authentication support for the web interface. * Update to version 1.11.0 * Allow adding custom labels to all metrics. * Update to version 1.10.0 * Add ability to configure the exporter using environment variables. * Add support for Squid 6 * Add `squid_up` metric * Add `squid_scrape_duration_seconds` metric * Add `squid_scrape_error` metric * Update to version 1.9.0 * Add `process_open_fds` metric to monitor open file descriptors. * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Update to version 1.8.0 * Add various service time metrics to provide more detailed performance data. * Update to version 1.7.0 * Add support for basic authentication against the Squid proxy. * Fix `squid_client_http_requests_total` metric * Upstream changes for v1.9.0: * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Upstream changes for v1.8.0: * Add various service time metrics to provide more detailed performance data. * Upstream changes for v1.7.0: Squid proxy.Update to version 1.10.0 * Add ability to configure the exporter using environment variables. * Add `process_open_fds` metric to monitor open file descriptors. * Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root. * Add various service time metrics to provide more detailed performance data. * Add support for basic authentication against the Squid proxy. * Use current distro go default version. Use auto-versioning on SUSE as well. golang-github-lusitaniae-apache_exporter: * Build without apparmor for openSUSE Leap 16, SLES 16 or newer * Update to version 1.0.10 * Update github.com/prometheus/client_golang to 1.21.1 * Update github.com/prometheus/common to 0.63.0 * Update github.com/prometheus/exporter-toolkit to 0.14.0 * Update to version 1.0.9 * Update github.com/prometheus/client_golang to 1.20.4 * Update github.com/prometheus/common to 0.59.1 * Update github.com/prometheus/exporter-toolkit to 0.13.0 * Migrate logging to log/slog * Fix signal handler logging golang-github-prometheus-alertmanager: * Require gcc11-c++ for building with SLE 12 golang-github-prometheus-node_exporter: * Require gcc11-c++ for building with SLE 12 golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) * Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release. * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver. * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag. * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB). * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations. * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page. * Update to 3.4.0: * [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services. * [FEATURE] Native histograms are now a stable, but optional feature. * [FEATURE] UI: Show detailed relabeling steps for each discovered target. * [ENHANCEMENT] Alerting: Add "unknown" state for alerting rules that haven't been evaluated yet. * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup. * Update to 3.3.0: * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x. * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed. * Update to 3.2.0: * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1). * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub. * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected. * Update to 3.1.0: * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. "created timestamp" (CT) is now called "start timestamp" (ST). * [BUGFIX] Mixin: Add static UID to the remote-write dashboard. * Update to 3.0.1: * [BUGFIX] Promql: Make subqueries left open. * [BUGFIX] Fix memory leak when query log is enabled. * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint. * Update to 3.0.0: This release includes new features such as a brand new UI and UTF-8 support enabled by default. * [CHANGE] Deprecated feature flags removed. * [FEATURE] New UI. * [FEATURE] Remote Write 2.0. * [FEATURE] OpenTelemetry Support. * [FEATURE] UTF-8 support is now stable and enabled by default. * [FEATURE] OTLP Ingestion. * [FEATURE] Native Histograms. * [BUGFIX] PromQL: Fix count_values for histograms. * [BUGFIX] TSDB: Fix race on stale values in headAppender. * [BUGFIX] UI: Fix selector / series formatting for empty metric names. * Update to 2.55.0: * [FEATURE] PromQL: Add `last_over_time` function. * [FEATURE] Agent: Add `prometheus_agent_build_info` metric. * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`. * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks. * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times. * Update to 2.54.0: This release brings a release candidate of a major new version of Remote Write: 2.0. * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0. * [CHANGE] API: Split warnings from info annotations in API response. * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag. * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators. * [ENHANCEMENT] PromQL: Accept underscores in literal numbers. * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental). * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions. * [BUGFIX] PromQL: Fix various issues with native histograms. * [BUGFIX] OTLP receiver: Allow colons in non-standard units. * Require gcc11-c++ for building with SLE 12 grafana: * CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340) mgr-push: * Version 5.1.5-0 * Non-customer-facing optimization and update prometheus-blackbox_exporter: * Non-customer-facing optimization and update rhnlib: * Version 5.1.4-0 * Non-customer-facing optimization and update spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions spacewalk-client-tools: * Version 5.1.8-0 * Non-customer-facing optimization and update supportutils-plugin-susemanager-client: * Version 5.1.5-0 * Non-customer-facing optimization and update uyuni-common-libs: * Version 5.1.5-0 * Non-customer-facing optimization and update uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 12 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-12-2026-628=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * golang-github-boynux-squid_exporter-1.13.0-120002.3.3.1 * grafana-11.5.10-120002.4.9.1 * golang-github-boynux-squid_exporter-debuginfo-1.13.0-120002.3.3.1 * grafana-debuginfo-11.5.10-120002.4.9.1 * golang-github-prometheus-prometheus-debuginfo-3.5.0-120002.3.3.1 * golang-github-QubitProducts-exporter_exporter-0.4.0-120002.3.3.1 * golang-github-prometheus-node_exporter-debuginfo-1.9.1-120002.3.3.1 * golang-github-prometheus-node_exporter-1.9.1-120002.3.3.1 * golang-github-prometheus-prometheus-3.5.0-120002.3.3.1 * golang-github-lusitaniae-apache_exporter-1.0.10-120002.3.3.1 * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-120002.3.3.1 * mgrctl-5.1.24-120002.3.9.1 * prometheus-blackbox_exporter-debuginfo-0.26.0-120002.3.3.1 * golang-github-prometheus-alertmanager-0.28.1-120002.4.6.1 * prometheus-blackbox_exporter-0.26.0-120002.3.3.1 * golang-github-prometheus-alertmanager-debuginfo-0.28.1-120002.4.6.1 * python2-uyuni-common-libs-5.1.5-120002.3.3.1 * SUSE Multi-Linux Manager Client Tools for SLE 12 (noarch) * spacewalk-client-tools-5.1.8-120002.3.6.1 * python2-rhnlib-5.1.4-120002.3.6.1 * spacecmd-5.1.12-120002.3.6.1 * supportutils-plugin-susemanager-client-5.1.5-120002.3.6.1 * mgr-push-5.1.5-120002.3.6.1 * python2-mgr-push-5.1.5-120002.3.6.1 * python2-spacewalk-client-tools-5.1.8-120002.3.6.1 * mgrctl-lang-5.1.24-120002.3.9.1 * mgrctl-bash-completion-5.1.24-120002.3.9.1 * mgrctl-zsh-completion-5.1.24-120002.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12816.html * https://www.suse.com/security/cve/CVE-2025-68156.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1255340 * https://bugzilla.suse.com/show_bug.cgi?id=1255588 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/MSQA-1040 * https://jira.suse.com/browse/PED-13824 * https://jira.suse.com/browse/PED-14971 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:34:11 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:34:11 -0000 Subject: SUSE-SU-2026:0627-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203725118.25.10634922212402266721@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0627-1 Release Date: 2026-02-25T09:44:02Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1249532 * bsc#1251995 * bsc#1253174 * bsc#1253659 * bsc#1254325 * bsc#1254903 * bsc#1254904 * bsc#1254905 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones An update that solves three vulnerabilities, contains one feature and has eight security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: * Non-customer-facing optimization around source building golang-github-lusitaniae-apache_exporter: * Build without apparmor for openSUSE Leap 16, SLES 16 or newer * Require Go 1.23 for building * Update to version 1.0.10 * Update github.com/prometheus/client_golang to 1.21.1 * Update github.com/prometheus/common to 0.63.0 * Update github.com/prometheus/exporter-toolkit to 0.14.0 * Update to version 1.0.9 * Update github.com/prometheus/client_golang to 1.20.4 * Update github.com/prometheus/common to 0.59.1 * Update github.com/prometheus/exporter-toolkit to 0.13.0 * Migrate logging to log/slog * Fix signal handler logging mgr-push: * Version 5.1.5-0 * Non-customer-facing optimization and update rhnlib: * Version 5.1.4-0 * Non-customer-facing optimization and update spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions spacewalk-client-tools: * Version 5.1.8-0 * Non-customer-facing optimization and update uyuni-common-libs: * Version 5.1.5-0 * Non-customer-facing optimization and update venv-salt-minion: * Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Simplify and speed up utils.find_json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones zypper in -t patch SUSE-MultiLinuxManagerTools-RES-7-2026-627=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (aarch64 ppc64le x86_64) * python2-uyuni-common-libs-5.1.5-70002.3.3.1 * golang-github-lusitaniae-apache_exporter-1.0.10-70002.3.3.1 * venv-salt-minion-3006.0-70002.5.9.1 * golang-github-QubitProducts-exporter_exporter-0.4.0-70002.3.3.1 * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (noarch) * python2-spacewalk-client-tools-5.1.8-70002.3.6.1 * python2-mgr-push-5.1.5-70002.3.6.2 * python2-rhnlib-5.1.4-70002.3.6.1 * spacewalk-client-tools-5.1.8-70002.3.6.1 * mgr-push-5.1.5-70002.3.6.2 * spacecmd-5.1.12-70002.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:34:28 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:34:28 -0000 Subject: SUSE-SU-2026:0626-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203726880.25.3836391417587823085@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0626-1 Release Date: 2026-02-25T09:42:55Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1249532 * bsc#1251995 * bsc#1253174 * bsc#1253659 * bsc#1254325 * bsc#1254903 * bsc#1254904 * bsc#1254905 * jsc#ECO-3319 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones An update that solves three vulnerabilities, contains two features and has eight security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: * Non-customer-facing optimization around source building golang-github-lusitaniae-apache_exporter: * Build without apparmor for openSUSE Leap 16, SLES 16 or newer * Require Go 1.23 for building * Update to version 1.0.10 * Update github.com/prometheus/client_golang to 1.21.1 * Update github.com/prometheus/common to 0.63.0 * Update github.com/prometheus/exporter-toolkit to 0.14.0 * Update to version 1.0.9 * Update github.com/prometheus/client_golang to 1.20.4 * Update github.com/prometheus/common to 0.59.1 * Update github.com/prometheus/exporter-toolkit to 0.13.0 * Migrate logging to log/slog * Fix signal handler logging scap-security-guide: * Updated to 0.1.79 (jsc#ECO-3319) * Add rhcos4 Profile for BSI Grundschutz * Create SLE15 general profile * Remove OCP STIG V1R1 * Remove OCP STIG V2R1 * Various updates for SLE 12/15 * Updated to 0.1.78 (jsc#ECO-3319) * Enable SCE content for problematic rules that can traverse the whole filesystem * Remove unnecessary Jinja2 macros in control files * Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5 * Add Debian 13 profile for ANSSI BP 28 (enhanced) * Create SLEM5 General profile * Create SL Micro 6 product and general profile * Update SLE15 STIG version to V2R5 * Update SLE12 STIG version to V3R3 * Update SLEM5 STIG version to V1R2 * Remove the CIS profiles from all products * Remove the CIS profiles from the tarball spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions venv-salt-minion: * Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Simplify and speed up utils.find_json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones zypper in -t patch SUSE-MultiLinuxManagerTools-EL-8-2026-626=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (aarch64 ppc64le x86_64) * mgrctl-5.1.24-80002.3.6.1 * golang-github-QubitProducts-exporter_exporter-debugsource-0.4.0-80002.3.3.1 * golang-github-lusitaniae-apache_exporter-1.0.10-80002.3.3.1 * golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-80002.3.3.1 * golang-github-QubitProducts-exporter_exporter-0.4.0-80002.3.3.1 * venv-salt-minion-3006.0-80002.5.9.1 * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (noarch) * mgrctl-zsh-completion-5.1.24-80002.3.6.1 * spacecmd-5.1.12-80002.3.6.1 * mgrctl-bash-completion-5.1.24-80002.3.6.1 * scap-security-guide-redhat-0.1.79-80002.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://jira.suse.com/browse/ECO-3319 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:35:12 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:35:12 -0000 Subject: SUSE-SU-2026:0625-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools Message-ID: <177203731266.25.3815629948689118288@1822608de31d> # Security update 5.1.2 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:0625-1 Release Date: 2026-02-25T09:41:52Z Rating: important References: * bsc#1227579 * bsc#1240532 * bsc#1246130 * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1249434 * bsc#1249532 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1251995 * bsc#1253174 * bsc#1253282 * bsc#1253347 * bsc#1253659 * bsc#1253738 * bsc#1253966 * bsc#1254325 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * jsc#ECO-3319 * jsc#MSQA-1040 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones An update that solves three vulnerabilities, contains two features and has 24 security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: * Non-customer-facing optimization around source building golang-github-lusitaniae-apache_exporter: * Build without apparmor for openSUSE Leap 16, SLES 16 or newer * Require Go 1.23 for building * Update to version 1.0.10 * Update github.com/prometheus/client_golang to 1.21.1 * Update github.com/prometheus/common to 0.63.0 * Update github.com/prometheus/exporter-toolkit to 0.14.0 * Update to version 1.0.9 * Update github.com/prometheus/client_golang to 1.20.4 * Update github.com/prometheus/common to 0.59.1 * Update github.com/prometheus/exporter-toolkit to 0.13.0 * Migrate logging to log/slog * Fix signal handler logging scap-security-guide: * Updated to 0.1.79 (jsc#ECO-3319) * Add rhcos4 Profile for BSI Grundschutz * Create SLE15 general profile * Remove OCP STIG V1R1 * Remove OCP STIG V2R1 * Various updates for SLE 12/15 * Updated to 0.1.78 (jsc#ECO-3319) * Enable SCE content for problematic rules that can traverse the whole filesystem * Remove unnecessary Jinja2 macros in control files * Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5 * Add Debian 13 profile for ANSSI BP 28 (enhanced) * Create SLEM5 General profile * Create SL Micro 6 product and general profile * Update SLE15 STIG version to V2R5 * Update SLE12 STIG version to V3R3 * Update SLEM5 STIG version to V1R2 * Remove the CIS profiles from all products * Remove the CIS profiles from the tarball spacecmd: * Version 5.1.12-0 * Fix spacecmd binary file upload (bsc#1253659) * Fix typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to int (bsc#1251995) * Fix methods in api namespace in spacecmd (bsc#1249532) * Make caching code Py 2.7 compatible * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Python 2.7 cannot re-raise exceptions uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the beginning of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) * Version 5.1.23-0 * Update the default tag * Version 5.1.22-0 * Fix cobbler config migration to standalone files * Fix generated DB certificate subject alternate names * Version 5.1.21-0 * Remove extraneous quotes when getting the running image (bsc#1249434) venv-salt-minion: * Backport security patches for Salt vendored tornado: * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904) * Make syntax in httputil_test compatible with Python 3.6 * Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325) * Use internal deb classes instead of external aptsource lib * Speed up wheel key.finger call (bsc#1240532) * Simplify and speed up utils.find_json function (bsc#1246130) * Extend warn_until period to 2027 ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones zypper in -t patch SUSE-MultiLinuxManagerTools-EL-9-2026-625=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x x86_64) * golang-github-lusitaniae-apache_exporter-1.0.10-90002.3.3.1 * golang-github-QubitProducts-exporter_exporter-0.4.0-90002.3.3.1 * golang-github-QubitProducts-exporter_exporter-debugsource-0.4.0-90002.3.3.1 * golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-90002.3.3.1 * venv-salt-minion-3006.0-90002.5.9.1 * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x) * mgrctl-5.1.24-90002.3.6.1 * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (noarch) * mgrctl-zsh-completion-5.1.24-90002.3.6.1 * spacecmd-5.1.12-90002.3.6.1 * scap-security-guide-redhat-0.1.79-90002.3.6.1 * mgrctl-bash-completion-5.1.24-90002.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249434 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://jira.suse.com/browse/ECO-3319 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:36:10 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:36:10 -0000 Subject: SUSE-RU-2026:0624-1: important: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server Message-ID: <177203737019.25.9951681950097082735@1822608de31d> # Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server Announcement ID: SUSE-RU-2026:0624-1 Release Date: 2026-02-25T09:40:41Z Rating: important References: * bsc#1240532 * bsc#1246130 * bsc#1247644 * bsc#1247687 * bsc#1247721 * bsc#1248848 * bsc#1249155 * bsc#1249400 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1252020 * bsc#1253282 * bsc#1253347 * bsc#1253738 * bsc#1253773 * bsc#1253966 * bsc#1254316 * bsc#1254325 * bsc#1254400 * bsc#1254478 * bsc#1254903 * bsc#1254904 * bsc#1254905 * bsc#1255781 * bsc#1256991 * bsc#1257147 * bsc#1257255 * bsc#1257538 * bsc#1257992 * bsc#1258082 * bsc#1258164 * bsc#1258366 * bsc#1258369 * bsc#1258418 * jsc#MSQA-1040 Cross-References: * CVE-2025-13836 * CVE-2025-67724 * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 15 SP7 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE * SUSE Multi-Linux Manager Server 5.1 Extension for SLE An update that solves four vulnerabilities, contains one feature and has 33 fixes can now be installed. ## Recommended update 5.1.2 for Multi-Linux Manager Proxy ### Description: This update fixes the following issues: proxy-httpd-image: * Version 5.1.13 * Add support for a timeout property in the configuration (bsc#1252020) * Cleanup and simplify image building proxy-salt-broker-image: * Version 5.1.12 * Cleanup and simplify image building proxy-squid-image: * Version 5.1.11 * Configure squid replacement policy properly before cache dir (bsc#1253773) * Add missing USER squid directive * Cleanup and simplify image building * Allow override all parameters in squid conf (bsc#1250940) * Set the default timeout for /pub to 30min (bsc#1247644) proxy-ssh-image: * Version 5.1.11 * Cleanup and simplify image building proxy-tftpd-image: * Version 5.1.11 * Cleanup and simplify image building uyuni-storage-setup: * Version 5.1.4-0 * Add CreateArchive directive for git workflow usage uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the begining of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Proxy. 2. Upgrade mgrpxy. 3. If you are in a disconnected environment, upgrade the image packages. 4. Reboot the system. 5. Run `mgrpxy upgrade podman` which will use the default image tags. ## Recommended update 5.1.2 for Multi-Linux Manager Retail Branch Server ### Description: This update fixes the following issues: proxy-httpd-image: * Version 5.1.13 * Add support for a timeout property in the configuration (bsc#1252020) * Cleanup and simplify image building proxy-salt-broker-image: * Version 5.1.12 * Cleanup and simplify image building proxy-squid-image: * Version 5.1.11 * Configure squid replacement policy properly before cache dir (bsc#1253773) * Add missing USER squid directive * Cleanup and simplify image building * Allow override all parameters in squid conf (bsc#1250940) * Set the default timeout for /pub to 30min (bsc#1247644) proxy-ssh-image: * Version 5.1.11 * Cleanup and simplify image building proxy-tftpd-image: * Version 5.1.11 * Cleanup and simplify image building uyuni-storage-setup: * Version 5.1.4-0 * Add CreateArchive directive for git workflow usage uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the begining of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Retail Branch Server. 2. Upgrade mgrpxy. 3. If you are in a disconnected environment, upgrade the image packages. 4. Reboot the system. 5. Run `mgrpxy upgrade podman` which will use the default image tags. ## Recommended update 5.1.2 for Multi-Linux Manager Server ### Description: This update fixes the following issues: dhcpd-formula: * Update to version 1.1.2 * enable "reservations-global" to fix global hosts (bsc#1258366) * disable "match-client-id" \- to fix static reservations when the id changes during boot (bsc#1258369) server-attestation-image: * Version 5.1.12 * Cleanup and simplify image building. No customer facing changes server-hub-xmlrpc-api-image: * Version 5.1.11 * Cleanup container building. No customer facing changes server-image: * Version 5.1.12 * Use BCI init image as base * Add zchunk to server image (bsc#1247687) * Ignore http proxy for localhost in healthcheck (bsc#1249155) server-migration-14-16-image: * Version 5.1.11 * Use BCI base image as base * Cleanup and simplify image building. No customer facing changes server-postgresql-image: * Version 5.1.9 * Add pg_trgm extension to support trigram search server-saline-image: * Version 5.1.11 * Cleanup and simplify image building * Keep the RPM database in the image to have information about the packages used to build the container uyuni-tools: * version 5.1.25-0 * If PTF image doesn't exists, use the current service image (bsc#1258418) * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the begining of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Server. 2. Upgrade mgradm and mgrctl. 3. If you are in a disconnected environment, upgrade the image packages. 4. Reboot the system. 5. Run `mgradm upgrade podman` which will use the default image tags. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Proxy-SLE-5.1-2026-624=1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Retail-Branch-Server- SLE-5.1-2026-624=1 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Server-SLE-5.1-2026-624=1 ## Package List: * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgrpxy-5.1.25-150700.3.15.1 * mgrpxy-debuginfo-5.1.25-150700.3.15.1 * uyuni-storage-setup-proxy-5.1.4-150700.3.3.5 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (noarch) * mgrpxy-bash-completion-5.1.25-150700.3.15.1 * mgrpxy-lang-5.1.25-150700.3.15.1 * mgrpxy-zsh-completion-5.1.25-150700.3.15.1 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.2-8.11.15 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.2-8.11.16 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (s390x) * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.2-8.13.41 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.2-8.11.15 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgrpxy-5.1.25-150700.3.15.1 * mgrpxy-debuginfo-5.1.25-150700.3.15.1 * uyuni-storage-setup-proxy-5.1.4-150700.3.3.5 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (noarch) * mgrpxy-bash-completion-5.1.25-150700.3.15.1 * mgrpxy-lang-5.1.25-150700.3.15.1 * mgrpxy-zsh-completion-5.1.25-150700.3.15.1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.2-8.11.15 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.2-8.11.16 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (s390x) * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.2-8.13.41 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.2-8.13.41 * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.2-9.11.44 * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.2-8.11.15 * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.2-8.11.15 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgradm-debuginfo-5.1.25-150700.3.15.1 * uyuni-storage-setup-server-5.1.4-150700.3.3.5 * mgrctl-5.1.25-150700.3.15.1 * mgradm-5.1.25-150700.3.15.1 * mgrctl-debuginfo-5.1.25-150700.3.15.1 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (noarch) * mgradm-lang-5.1.25-150700.3.15.1 * mgradm-bash-completion-5.1.25-150700.3.15.1 * uyuni-payg-timer-5.1.3-150700.3.3.5 * mgrctl-zsh-completion-5.1.25-150700.3.15.1 * mgrctl-bash-completion-5.1.25-150700.3.15.1 * mgrctl-lang-5.1.25-150700.3.15.1 * mgradm-zsh-completion-5.1.25-150700.3.15.1 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-server-postgresql-image-5.1.2-6.11.15 * suse-multi-linux-manager-5.1-aarch64-server-attestation-image-5.1.2-8.13.26 * suse-multi-linux-manager-5.1-aarch64-server-hub-xmlrpc-api-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-aarch64-server-migration-14-16-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-aarch64-server-saline-image-5.1.2-9.11.36 * suse-multi-linux-manager-5.1-aarch64-server-image-5.1.2-8.11.37 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-server-attestation-image-5.1.2-8.13.26 * suse-multi-linux-manager-5.1-ppc64le-server-image-5.1.2-8.11.37 * suse-multi-linux-manager-5.1-ppc64le-server-postgresql-image-5.1.2-6.11.15 * suse-multi-linux-manager-5.1-ppc64le-server-migration-14-16-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-ppc64le-server-hub-xmlrpc-api-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-ppc64le-server-saline-image-5.1.2-9.11.36 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (s390x) * suse-multi-linux-manager-5.1-s390x-server-saline-image-5.1.2-9.11.36 * suse-multi-linux-manager-5.1-s390x-server-migration-14-16-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-s390x-server-hub-xmlrpc-api-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-s390x-server-attestation-image-5.1.2-8.13.26 * suse-multi-linux-manager-5.1-s390x-server-image-5.1.2-8.11.37 * suse-multi-linux-manager-5.1-s390x-server-postgresql-image-5.1.2-6.11.15 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-server-saline-image-5.1.2-9.11.36 * suse-multi-linux-manager-5.1-x86_64-server-hub-xmlrpc-api-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-x86_64-server-postgresql-image-5.1.2-6.11.15 * suse-multi-linux-manager-5.1-x86_64-server-migration-14-16-image-5.1.2-8.11.16 * suse-multi-linux-manager-5.1-x86_64-server-attestation-image-5.1.2-8.13.26 * suse-multi-linux-manager-5.1-x86_64-server-image-5.1.2-8.11.37 ## References: * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1240532 * https://bugzilla.suse.com/show_bug.cgi?id=1246130 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247687 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249155 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1252020 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253773 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254316 * https://bugzilla.suse.com/show_bug.cgi?id=1254325 * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 * https://bugzilla.suse.com/show_bug.cgi?id=1256991 * https://bugzilla.suse.com/show_bug.cgi?id=1257147 * https://bugzilla.suse.com/show_bug.cgi?id=1257255 * https://bugzilla.suse.com/show_bug.cgi?id=1257538 * https://bugzilla.suse.com/show_bug.cgi?id=1257992 * https://bugzilla.suse.com/show_bug.cgi?id=1258082 * https://bugzilla.suse.com/show_bug.cgi?id=1258164 * https://bugzilla.suse.com/show_bug.cgi?id=1258366 * https://bugzilla.suse.com/show_bug.cgi?id=1258369 * https://bugzilla.suse.com/show_bug.cgi?id=1258418 * https://jira.suse.com/browse/MSQA-1040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 16:36:14 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 16:36:14 -0000 Subject: SUSE-SU-2026:0623-1: important: Security update for python-tornado Message-ID: <177203737494.25.2244173647793528935@1822608de31d> # Security update for python-tornado Announcement ID: SUSE-SU-2026:0623-1 Release Date: 2026-02-25T09:15:13Z Rating: important References: * bsc#1254904 * bsc#1254905 Cross-References: * CVE-2025-67725 * CVE-2025-67726 CVSS scores: * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-tornado fixes the following issues: * CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905). * CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2026-623=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * python-tornado-4.2.1-17.13.1 * python3-tornado-4.2.1-17.13.1 * python-tornado-debuginfo-4.2.1-17.13.1 * python-tornado-debugsource-4.2.1-17.13.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1254904 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Feb 25 20:30:33 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 25 Feb 2026 20:30:33 -0000 Subject: SUSE-RU-2026:20441-1: important: Recommended update 5.1.2 for Multi-Linux Manager Message-ID: <177205143325.22.3943898737647044302@839d3368ecd3> # Recommended update 5.1.2 for Multi-Linux Manager Announcement ID: SUSE-RU-2026:20441-1 Release Date: 2026-01-22T06:46:45Z Rating: important References: * bsc#1247644 * bsc#1247721 * bsc#1248848 * bsc#1249400 * bsc#1250940 * bsc#1250976 * bsc#1250981 * bsc#1251044 * bsc#1251138 * bsc#1253282 * bsc#1253347 * bsc#1253738 * bsc#1253966 * bsc#1254478 * bsc#1255781 Affected Products: * SUSE Linux Micro 6.1 * SUSE Multi-Linux Manager Proxy 5.1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 * SUSE Multi-Linux Manager Server 5.1 An update that has 15 fixes can now be installed. ## Description: This update fixes the following issues: uyuni-payg-timer: * Version 5.1.3-0 * Non-customer-facing optimization and update uyuni-storage-setup: * Version 5.1.4-0 * Non-customer-facing optimization and update uyuni-tools: * Version 5.1.24-0 * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400) * Handle CA files with symlinks during migration (bsc#1251044) * Adjust traefik exposed configuration for chart v27 (bsc#1247721) * Fix systemd object initialization in server rename. (bsc#1250981) * Add SSL secrets to the db setup container during migration. (bsc#1250976) * Fix images handling in mgrpxy support ptf (bsc#1250940) * Fix helm upgrade parameters (bsc#1253966) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Move the SSL checks at the begining of the migration * Remove cgroup mount for podman containers (bsc#1253347) * Convert the traefik install time to local time (bsc#1251138) * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478) * Read env var from http conf file (bsc#1253282) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Unify backup create and restore dryrun option case * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644) * Always start database container even if enabled * Remove extra ipv6 mapping and nftables workaround (bsc#1248848) * Remove old PostgreSQL exporter environment file before migration * Support config command parse correctly supportconfig output (bsc#1255781) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Proxy 5.1 zypper in -t patch SUSE-Multi-Linux-Manager-5.1-4=1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 zypper in -t patch SUSE-Multi-Linux-Manager-5.1-4=1 * SUSE Multi-Linux Manager Server 5.1 zypper in -t patch SUSE-Multi-Linux-Manager-5.1-4=1 ## Package List: * SUSE Multi-Linux Manager Proxy 5.1 (aarch64 ppc64le s390x x86_64) * uyuni-storage-setup-proxy-5.1.4-slfo.1.1.1 * mgrpxy-debuginfo-5.1.24-slfo.1.1.1 * mgrpxy-5.1.24-slfo.1.1.1 * SUSE Multi-Linux Manager Proxy 5.1 (noarch) * mgrpxy-lang-5.1.24-slfo.1.1.1 * mgrpxy-bash-completion-5.1.24-slfo.1.1.1 * mgrpxy-zsh-completion-5.1.24-slfo.1.1.1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64 ppc64le s390x x86_64) * uyuni-storage-setup-proxy-5.1.4-slfo.1.1.1 * mgrpxy-debuginfo-5.1.24-slfo.1.1.1 * mgrpxy-5.1.24-slfo.1.1.1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 (noarch) * mgrpxy-lang-5.1.24-slfo.1.1.1 * mgrpxy-bash-completion-5.1.24-slfo.1.1.1 * mgrpxy-zsh-completion-5.1.24-slfo.1.1.1 * SUSE Multi-Linux Manager Server 5.1 (aarch64 ppc64le s390x x86_64) * uyuni-storage-setup-server-5.1.4-slfo.1.1.1 * mgrctl-5.1.24-slfo.1.1.1 * mgrctl-debuginfo-5.1.24-slfo.1.1.1 * mgradm-5.1.24-slfo.1.1.1 * mgradm-debuginfo-5.1.24-slfo.1.1.1 * SUSE Multi-Linux Manager Server 5.1 (noarch) * mgrctl-zsh-completion-5.1.24-slfo.1.1.1 * mgradm-zsh-completion-5.1.24-slfo.1.1.1 * mgradm-lang-5.1.24-slfo.1.1.1 * mgrctl-bash-completion-5.1.24-slfo.1.1.1 * uyuni-payg-timer-5.1.3-slfo.1.1.1 * mgrctl-lang-5.1.24-slfo.1.1.1 * mgradm-bash-completion-5.1.24-slfo.1.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1255781 -------------- next part -------------- An HTML attachment was scrubbed... URL: