Security update 5.1.1.1 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2025:4446-1
Release Date: 2025-12-18T08:49:58Z
Rating: important
CVSS scores:
  • CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
  • CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  • CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2025-64751 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
  • CVE-2025-64751 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
  • CVE-2025-64751 ( NVD ): 5.8 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
  • SUSE Multi-Linux Manager Client Tools for SLE 15
  • SUSE Multi-Linux Manager Client Tools for SLE Micro 5

An update that solves four vulnerabilities, contains two features and has one security fix can now be installed.

Description:

This update fixes the following issues:

grafana was updated from version 11.5.7 to 11.5.10:

  • Security issues fixed:
    • CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (version 11.5.10) (bsc#1254113)
    • CVE-2025-47911: Fix parsing HTML documents (version 11.5.10) (bsc#1251454)
    • CVE-2025-58190: Fix excessive memory consumption (version 11.5.10) (bsc#1251657)
    • CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)

  • Other changes, new features and bugs fixed:
    • Version 11.5.10:
      • Use forked wire from Grafana repository instead of external package (jsc#PED-14178)
      • Auth: Fix render user OAuth passthrough.
      • LDAP Authentication: Fix URL to propagate username context as parameter.
      • Plugins: Dependencies do not inherit parent URL for preinstall.
    • Version 11.5.9:
      • Auditing: Document new options for recording datasource query request/response body.
      • Login: Fixed redirection after login when Grafana is served from subpath.
    • Update to version 11.5.8:
      • No relevant changes

uyuni-tools:

  • version 5.1.23-0
    • Update the default tag to 5.1.1.1
  • version 5.1.22-0
    • Fix cobbler config migration to standalone files
    • Fix generated DB certificate subject alternate names
  • version 5.1.21-0
    • Remove extraneous quotes when getting the running image (bsc#1249434)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Multi-Linux Manager Client Tools for SLE 15
    zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2025-4446=1
  • SUSE Multi-Linux Manager Client Tools for SLE Micro 5
    zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2025-4446=1

Package List:

  • SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
    • grafana-11.5.10-150002.4.6.1
    • mgrctl-debuginfo-5.1.23-150002.3.6.1
    • grafana-debuginfo-11.5.10-150002.4.6.1
    • mgrctl-5.1.23-150002.3.6.1
  • SUSE Multi-Linux Manager Client Tools for SLE 15 (noarch)
    • mgrctl-lang-5.1.23-150002.3.6.1
    • mgrctl-zsh-completion-5.1.23-150002.3.6.1
    • mgrctl-bash-completion-5.1.23-150002.3.6.1
  • SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64)
    • mgrctl-debuginfo-5.1.23-150002.3.6.1
    • mgrctl-5.1.23-150002.3.6.1
  • SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch)
    • mgrctl-lang-5.1.23-150002.3.6.1
    • mgrctl-zsh-completion-5.1.23-150002.3.6.1
    • mgrctl-bash-completion-5.1.23-150002.3.6.1
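
A post-patch check against the Package List above, as an added example that is not part of the SUSE advisory: it flags hosts whose grafana or mgrctl build is older than the fixed one. The function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of RPM's version comparison, which is sufficient for dotted numeric versions like these (a plain string compare would rank 11.5.7 above 11.5.10).

```shell
#!/usr/bin/env bash
# Fixed builds, copied from the advisory's Package List.
FIXED="grafana 11.5.10-150002.4.6.1
mgrctl 5.1.23-150002.3.6.1"

# version_ge A B: succeed when A >= B under version sort.
# Assumption: sort -V stands in for RPM's own comparison here.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# audit_inventory: read "name version-release" lines on stdin and report
# every package that the advisory lists a fixed build for.
audit_inventory() {
    while read -r name installed; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n {print $2}')
        [ -z "$fixed" ] && continue          # not covered by this advisory
        if version_ge "$installed" "$fixed"; then
            echo "$name $installed PATCHED"
        else
            echo "$name $installed VULNERABLE (needs >= $fixed)"
        fi
    done
}

# Constructed sample inventory (the 11.5.7 release string is made up).
# On a real host, feed the function from rpm instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' grafana mgrctl | audit_inventory
SAMPLE="grafana 11.5.7-150002.4.3.1
mgrctl 5.1.23-150002.3.6.1
bash 5.2.15-150600.1.1"

printf '%s\n' "$SAMPLE" | audit_inventory
```
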