Security update 5.0.6 for Multi-Linux Manager Client Tools

Announcement ID:	SUSE-SU-2025:4458-1
Release Date:	2025-12-18T11:57:41Z
Rating:	important
References:	bsc#1227577 bsc#1227579 bsc#1237495 bsc#1243611 bsc#1243704 bsc#1244027 bsc#1244127 bsc#1244534 bsc#1245099 bsc#1245302 bsc#1246068 bsc#1246320 bsc#1246553 bsc#1246586 bsc#1246662 bsc#1246735 bsc#1246736 bsc#1246738 bsc#1246789 bsc#1246882 bsc#1246906 bsc#1246925 bsc#1247688 bsc#1247721 bsc#1250616 bsc#1251044 bsc#1251138 bsc#1252100 jsc#MSQA-1034
Cross-References:	CVE-2025-11065 CVE-2025-3415 CVE-2025-6023 CVE-2025-6197
CVSS scores:	CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CVE-2025-3415 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2025-6023 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-6023 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVE-2025-6023 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVE-2025-6197 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-6197 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-6197 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Manager Client Tools for SLE 15 SUSE Manager Client Tools for SLE Micro 5

An update that solves four vulnerabilities, contains one feature and has 24 security fixes can now be installed.

Description:

This update fixes the following issues:

dracut-saltboot:

• Update to version 1.0.0
• Reboot on salt key timeout (bsc#1237495)
• Fixed parsing files with space in the name (bsc#1252100)

grafana was updated from version 11.5.5 to 11.5.10:

• Security issues fixed:

• CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)

• CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
• CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)
• CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
• CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)
• CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)

• CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302)

• Other changes, new features and bugs fixed:

• Version 11.5.10:

  • Update to Go 1.25
  • Update to golang.org/x/net v0.45.0
  • Auth: Fix render user OAuth passthrough
  • LDAP Authentication: Fix URL to propagate username context as parameter

• Version 11.5.9:

  • Auditing: Document new options for recording datasource query request/response body.
  • Login: Fixed redirection after login when Grafana is served from subpath.

• Version 11.5.7:

  • Azure: Fixed legend formatting and resource name determination in template variable queries.

mgr-push:

• Version 5.0.3-0
• Fixed syntax error in changelog

rhnlib:

• Version 5.0.6-0
• Use more secure defusedxml parser (bsc#1227577)

spacecmd:

• Version 5.0.14-0
• Fixed installation of python lib files on Ubuntu 24.04 (bsc#1246586)
• Use JSON instead of pickle for spacecmd cache (bsc#1227579)
• Make spacecmd to work with Python 3.12 and higher
• Call print statements properly in Python 3

uyuni-tools:

• Version 0.1.37-0
• Handle CA files with symlinks during migration (bsc#1251044)
• Add a lowercase version of --logLevel (bsc#1243611)
• Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
• Stop executing scripts in temporary folder (bsc#1243704)
• Convert the traefik install time to local time (bsc#1251138)
• Run smdba and reindex only during migration (bsc#1244534)
• Support config: collect podman inspect for hub container (bsc#1245099)
• Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry
• Deprecate --registry
• Use new dedicated path for Cobbler settings (bsc#1244027)
• Migrate custom auto installation snippets (bsc#1246320)
• Add SLE15SP7 to buildin productmap
• Fix loading product map from mgradm configuration file (bsc#1246068)
• Fix channel override for distro copy
• Do not use sudo when running as a root user (bsc#1246882)
• Do not require backups to be at the same location for restoring (bsc#1246906)
• Check for restorecon presence before calling (bsc#1246925)
• Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789)
• Fix recomputing proxy images when installing a ptf or test (bsc#1246553)
• Add migration for server monitoring configuration (bsc#1247688)
• Version 0.1.36-0
• Bump the default image tag
• Version 0.1.35-0
• Restore SELinux contexts for restored backup volumes (bsc#1244127)
• Version 0.1.34-0
• Fix mgradm backup create handling of images and systemd files (bsc#1246738)
• Version 0.1.33-0
• Restore volumes using tar instead of podman import (bsc#1244127)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools for SLE 15
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-4458=1
• SUSE Manager Client Tools for SLE Micro 5
  zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-4458=1
• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-4458=1

Package List:

• SUSE Manager Client Tools for SLE 15 (noarch)
  • supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1
  • mgrctl-zsh-completion-0.1.37-150000.1.27.1
  • python3-rhnlib-5.0.6-150000.3.49.1
  • mgrctl-bash-completion-0.1.37-150000.1.27.1
  • dracut-saltboot-1.0.0-150000.1.62.1
  • mgrctl-lang-0.1.37-150000.1.27.1
  • python3-mgr-push-5.0.3-150000.1.30.1
  • mgr-push-5.0.3-150000.1.30.1
  • spacecmd-5.0.14-150000.3.139.1
• SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
  • mgrctl-debuginfo-0.1.37-150000.1.27.1
  • grafana-debuginfo-11.5.10-150000.1.87.1
  • mgrctl-0.1.37-150000.1.27.1
  • grafana-11.5.10-150000.1.87.1
• SUSE Manager Client Tools for SLE Micro 5 (noarch)
  • mgrctl-lang-0.1.37-150000.1.27.1
  • mgrctl-bash-completion-0.1.37-150000.1.27.1
  • dracut-saltboot-1.0.0-150000.1.62.1
  • mgrctl-zsh-completion-0.1.37-150000.1.27.1
• SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
  • mgrctl-0.1.37-150000.1.27.1
  • mgrctl-debuginfo-0.1.37-150000.1.27.1
• openSUSE Leap 15.6 (noarch)
  • supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1
  • dracut-saltboot-1.0.0-150000.1.62.1
  • spacecmd-5.0.14-150000.3.139.1

References:

• https://www.suse.com/security/cve/CVE-2025-11065.html
• https://www.suse.com/security/cve/CVE-2025-3415.html
• https://www.suse.com/security/cve/CVE-2025-6023.html
• https://www.suse.com/security/cve/CVE-2025-6197.html
• https://bugzilla.suse.com/show_bug.cgi?id=1227577
• https://bugzilla.suse.com/show_bug.cgi?id=1227579
• https://bugzilla.suse.com/show_bug.cgi?id=1237495
• https://bugzilla.suse.com/show_bug.cgi?id=1243611
• https://bugzilla.suse.com/show_bug.cgi?id=1243704
• https://bugzilla.suse.com/show_bug.cgi?id=1244027
• https://bugzilla.suse.com/show_bug.cgi?id=1244127
• https://bugzilla.suse.com/show_bug.cgi?id=1244534
• https://bugzilla.suse.com/show_bug.cgi?id=1245099
• https://bugzilla.suse.com/show_bug.cgi?id=1245302
• https://bugzilla.suse.com/show_bug.cgi?id=1246068
• https://bugzilla.suse.com/show_bug.cgi?id=1246320
• https://bugzilla.suse.com/show_bug.cgi?id=1246553
• https://bugzilla.suse.com/show_bug.cgi?id=1246586
• https://bugzilla.suse.com/show_bug.cgi?id=1246662
• https://bugzilla.suse.com/show_bug.cgi?id=1246735
• https://bugzilla.suse.com/show_bug.cgi?id=1246736
• https://bugzilla.suse.com/show_bug.cgi?id=1246738
• https://bugzilla.suse.com/show_bug.cgi?id=1246789
• https://bugzilla.suse.com/show_bug.cgi?id=1246882
• https://bugzilla.suse.com/show_bug.cgi?id=1246906
• https://bugzilla.suse.com/show_bug.cgi?id=1246925
• https://bugzilla.suse.com/show_bug.cgi?id=1247688
• https://bugzilla.suse.com/show_bug.cgi?id=1247721
• https://bugzilla.suse.com/show_bug.cgi?id=1250616
• https://bugzilla.suse.com/show_bug.cgi?id=1251044
• https://bugzilla.suse.com/show_bug.cgi?id=1251138
• https://bugzilla.suse.com/show_bug.cgi?id=1252100
• https://jira.suse.com/browse/MSQA-1034