Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail

Announcement ID:	SUSE-SU-2026:1031-1
Release Date:	2026-03-25T10:19:43Z
Rating:	important
References:	bsc#1213308 bsc#1214568 bsc#1214569 bsc#1216711 bsc#1217755 bsc#1220899 bsc#1221950 bsc#1223368 bsc#1227577 bsc#1227579 bsc#1228577 bsc#1230876 bsc#1232125 bsc#1233496 bsc#1236066 bsc#1236799 bsc#1237536 bsc#1238481 bsc#1239636 bsc#1240565 bsc#1241013 bsc#1243241 bsc#1243679 bsc#1243768 bsc#1243808 bsc#1243876 bsc#1243881 bsc#1244177 bsc#1244542 bsc#1244648 bsc#1244724 bsc#1245241 bsc#1245307 bsc#1245405 bsc#1245766 bsc#1246421 bsc#1246981 bsc#1247038 bsc#1248741 bsc#1248804 bsc#1249502 bsc#1251864 bsc#1251995 bsc#1252937 bsc#1253024 bsc#1253068 bsc#1253158 bsc#1253322 bsc#1253501 bsc#1253773 bsc#1255298 bsc#1257538 jsc#MSQA-1046 jsc#SUMA-406
Cross-References:	CVE-2024-29371
CVSS scores:	CVE-2024-29371 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-29371 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2024-29371 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Manager Client Tools for SLE 15 SUSE Manager Client Tools for SLE Micro 5

An update that solves one vulnerability, contains two features and has 51 security fixes can now be installed.

Recommended update 4.3.17 for Multi-Linux Manager Proxy and Retail Branch Server LTS

Description:

This update fixes the following issues:

mgr-cfg:

• Version 4.3.7-0
• Non-customer-facing optimization and update

mgr-custom-info:

• Version 4.3.4-0
• Non-customer-facing optimization and update

mgr-daemon:

• Version 4.3.13-0
• Update translation strings

mgr-osad:

• Version 4.3.8-0
• Non-customer-facing optimization and update

mgr-push:

• Version 4.3.7-0
• Non-customer-facing optimization and update

rhnlib:

• Version 4.3.8-0
• Use more secure defusedxml parser (bsc#1227577)

spacecmd:

• Version 4.3.32-0
• Make caching code Py 2.7 compatible
• Python 2.7 cannot re-raise exceptions
• Make spacecmd to work with Python 3.12 and higher
• Call print statements properly in Python 3
• Convert cached IDs to int (bsc#1251995)
• Use JSON instead of pickle for spacecmd cache (bsc#1227579)

spacewalk-backend:

• Version 4.3.35-0
• Prevent authentication issues with traditional stack (bsc#1253068)
• Fix parameter error when syncing product repositories in ISS v1 (bsc#1244724)
• Fix fetching the mirrorlist with a ca bundle which include only the intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241).
• Use more secure defusedxml parser (bsc#1227577)

spacewalk-certs-tools:

• Version 4.3.27-0
• Non-customer-facing optimization and update

spacewalk-client-tools:

• Version 4.3.24-0
• Update translation strings

spacewalk-proxy:

• Version 4.3.21-0
• Non-customer-facing optimization and update

spacewalk-proxy-docs:

• Version 4.3.2-0
• Non-customer-facing optimization and update

spacewalk-proxy-html:

• Version 4.3.4-0
• Non-customer-facing optimization and update

spacewalk-proxy-installer:

• Version 4.3.13-0
• Configure squid replacement policy properly before cache dir (bsc#1253773)

spacewalk-setup-jabberd:

• Version 4.3.2-0
• Non-customer-facing optimization and update

spacewalk-ssl-cert-check:

• Version 4.3.4-0
• Non-customer-facing optimization and update

spacewalk-web:

• Version 4.3.48-0
• Fix broken CVE links in CVE audit page.
• Fix bug: confirmation message missing when assigning channel to minion (bsc#1236799)
• Fix URL to salt formular documentation (bsc#1248741)

supportutils-plugin-susemanager-client:

• Version 4.3.6-0
• Non-customer-facing optimization and update

suseRegisterInfo:

• Version 4.3.4-0
• Non-customer-facing optimization and update

uyuni-base:

• Version 4.3.3-0
• Non-customer-facing optimization and update

uyuni-proxy-systemd-services:

• Version 4.3.19-0
• Updated for SUSE Manager 4.3.17

How to apply this update:

1. Log in as root user to the SUSE Multi-Linux Manager Proxy or Retail Branch Server LTS.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start

Security update 4.3.17 for Multi-Linux Manager Server LTS

Description:

This update fixes the following issues:

cobbler:

• Fix "test_grubimage_run" on Uyuni and SUSE Multi-Linux Manager test containers

inter-server-sync:

• Version 0.3.10-0
• Write log to a rotated file without rsyslog and logrotate
• Recreate cobbler entries on the import (bsc#1220899)
• remove support for 4.2 file based pillars
• use correct hostname detection for 5.x servers (bsc#1253322)
• Version 0.3.9-0
• Do not export autogenerated identity column (bsc##1244648)
• Version 0.3.8-0
• Rename suseproductsccrepository to susechanneltemplate (bsc#1244648)
• Allow skipping changelog export (bsc#1245307)
• Add options to specify xmlRpcPassword via file path or stdin

jose4j:

• CVE-2024-29371: Safeguard against excessive resource utilization by restricting the size of data during JWE payload decompression (bsc#1255298)

liberate-formula:

• Version 0.1.1
• fix installation for liberty 7 (bsc#1246981)
• Change reinstall parameter default value to false

mgr-osad:

• Version 4.3.8-0
• Non-customer-facing optimization and update

mgr-push:

• Version 4.3.7-0
• Non-customer-facing optimization and update

perl-Satcon:

• Version 4.3.3-0
• Non-customer-facing optimization and update

prometheus-exporters-formula:

• Version 1.4.2
• Allow only node exporter on transactional systems (bsc#1244542)

prometheus-formula:

• Version 0.9.0
• Check for supported distributions (bsc#1243876)
• Fix checking Prometheus package version

rhnlib:

• Version 4.3.8-0
• Use more secure defusedxml parser (bsc#1227577)

spacecmd:

• Version 4.3.32-0
• Make caching code Py 2.7 compatible
• Python 2.7 cannot re-raise exceptions
• Make spacecmd to work with Python 3.12 and higher
• Call print statements properly in Python 3
• Convert cached IDs to int (bsc#1251995)
• Use JSON instead of pickle for spacecmd cache (bsc#1227579)

spacewalk:

• Version 4.3.7-0
• Non-customer-facing optimization and update

spacewalk-admin:

• Version 4.3.15-0
• Correctly handles http proxy empty passwords (bsc#1249502)

spacewalk-backend:

• Version 4.3.35-0
• Prevent authentication issues with traditional stack (bsc#1253068)
• Fix parameter error when syncing product repositories in ISS v1 (bsc#1244724)
• Fix fetching the mirrorlist with a ca bundle which include only the intermediate CAs. This is the case for RHUI CA bundles (bsc#1243241).
• Use more secure defusedxml parser (bsc#1227577)

spacewalk-branding:

• Version 4.3.6-0
• Non-customer-facing optimization and update

spacewalk-certs-tools:

• Version 4.3.27-0
• Non-customer-facing optimization and update

spacewalk-client-tools:

• Version 4.3.24-0
• Update translation strings

spacewalk-config:

• Version 4.3.17-0
• Non-customer-facing optimization and update

spacewalk-java:

• Version 4.3.90-0
• Fix reposync crashing at metadata generation (bsc#1257538)
• Version 4.3.89-0
• Delay highstate during bootstrap to run it after the initial minimal state (bsc#1240565)
• add proxy option to provisionSystem API (bsc#1232125)
• Fix dnf updateinfo showing wrong severity for security updates (bsc#1252937)
• Display correct advisory link by using an errata advisory map (bsc#1243808)
• Improve hibernate object creation for ServerPath (bsc#1243881)
• Prevent printing user input in traceback logs and mails (bsc#1239636)
• Send CPU architecture specific data to SCC (jsc#SUMA-406)
• Fix broken CVE links in CVE audit page.
• Fix http proxy verification (bsc#1253501)
• Fix: Broken URL in API docs (bsc#1244177)
• Correctly handles http proxy empty passwords (bsc#1249502)
• Ensure null safety when converting from proxy paths to host names (bsc#1237536)
• Use the correct identifier to map the salt migration result
• Succeed liberate product migration also when reinstall packages is disabled (bsc#1248804)
• Prioritize beacon data for regular minion reboot status (bsc#1245405)

spacewalk-reports:

• Version 4.3.6-0
• Non-customer-facing optimization and update

spacewalk-search:

• Version 4.3.12-0
• Non-customer-facing optimization and update

spacewalk-setup:

• Version 4.3.20-0
• Non-customer-facing optimization and update

spacewalk-setup-jabberd:

• Version 4.3.2-0
• Non-customer-facing optimization and update

spacewalk-utils:

• Version 4.3.25-0
• Non-customer-facing optimization and update

spacewalk-web:

• Version 4.3.48-0
• Fix broken CVE links in CVE audit page.
• Fix bug: confirmation message missing when assigning channel to minion (bsc#1236799)
• Fix URL to salt formular documentation (bsc#1248741)

supportutils-plugin-susemanager:

• Version 4.3.16-0
• Non-customer-facing optimization and update

suseRegisterInfo:

• Version 4.3.4-0
• Non-customer-facing optimization and update

susemanager:

• Version 4.3.43-0
• Added missing bootrap repository definition for OES 24.4 (bsc#1241013)

susemanager-docs_en:

• Removed CIS from list of supported OpenSCAP profiles
• Fixed the incorrect path in Administration Guide (bsc#1221950)
• Corrected the reactivation key varaible name (bsc#1253158)
• Improved CLM procedure in Adminstration Guide (bsc#1230876)
• Added commands to server migration procedures in Installation and Upgrade Guide (bsc#1214569)
• Clarified requirement for PAYG in Installation and Upgrade Guide (bsc#1236066)
• Added information for proxy migration to Installation and Upgrade Guide (bsc#1214568)
• Added reference to dry run documentation (bsc#1223368)
• Added information about requesting access to PTFs (bsc#1213308)
• Added lang support for new shared header to html outputs
• Added shared header styles for documentation.suse.com
• Removed Ubuntu 20.04 from the list supported clients in Client Configuration Guide (bsc#1238481)
• Fixed output box with grep command in LTS section in Installation and Upgrade Guide (bsc#1247038)
• Added procedure to reregister client behind a proxy after renaming the server (bsc#1245766)
• Fixed the admonition in Client Configuration Guide (bsc#1233496)
• Reorganised files for better visibility of differences between AutoYaST and Kickstart profiles (bsc#1217755)
• Fixed command for public cloud module in Installation and Upgrade Guide (bsc#1216711)
• Removed obsolete command from Administration Guide (bsc#1228577)
• Renamed parameter in Specialized Guides (bsc#1245241)

susemanager-schema:

• Version 4.3.30-0
• Store CPU architecture specific data (jsc#SUMA-406)
• Creation of table suseErrataAdvisoryMap and added errata-advisory-map-sync taskomatic job fixing bug (bsc#1243808)

susemanager-sls:

• Version 4.3.53-0
• Automatically deploy IBM GPG keys to SUSE minions (bsc#1246421)
• Succeed liberate product migration also when reinstall packages is disabled (bsc#1248804)
• Adjust sls files for python311-kiwi (bsc#1251864)(bsc#1253024)
• Collect CPU architecture specific data on hardware profile update (jsc#SUMA-406)

susemanager-tftpsync:

• Version 4.3.5-0
• Use TLS in sync_post_tftpd_proxies (bsc#1243679)
• Refuse files with shell characters (bsc#1243768)

uyuni-base:

• Version 4.3.3-0
• Non-customer-facing optimization and update

How to apply this update:

1. Log in as root user to the SUSE Multi-Linux Manager Server LTS.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-service start

Recommended update for uyuni-proxy-systemd-services

Description:

This update fixes the following issues:

uyuni-proxy-systemd-services:

• Version 4.3.19-0
• Update for SUSE Manager 4.3.17

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools for SLE 15
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2026-1031=1
• SUSE Manager Client Tools for SLE Micro 5
  zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1031=1

Package List:

• SUSE Manager Client Tools for SLE 15 (noarch)
  • uyuni-proxy-systemd-services-4.3.19-150000.1.40.2
• SUSE Manager Client Tools for SLE Micro 5 (noarch)
  • uyuni-proxy-systemd-services-4.3.19-150000.1.40.2

References:

• https://www.suse.com/security/cve/CVE-2024-29371.html
• https://bugzilla.suse.com/show_bug.cgi?id=1213308
• https://bugzilla.suse.com/show_bug.cgi?id=1214568
• https://bugzilla.suse.com/show_bug.cgi?id=1214569
• https://bugzilla.suse.com/show_bug.cgi?id=1216711
• https://bugzilla.suse.com/show_bug.cgi?id=1217755
• https://bugzilla.suse.com/show_bug.cgi?id=1220899
• https://bugzilla.suse.com/show_bug.cgi?id=1221950
• https://bugzilla.suse.com/show_bug.cgi?id=1223368
• https://bugzilla.suse.com/show_bug.cgi?id=1227577
• https://bugzilla.suse.com/show_bug.cgi?id=1227579
• https://bugzilla.suse.com/show_bug.cgi?id=1228577
• https://bugzilla.suse.com/show_bug.cgi?id=1230876
• https://bugzilla.suse.com/show_bug.cgi?id=1232125
• https://bugzilla.suse.com/show_bug.cgi?id=1233496
• https://bugzilla.suse.com/show_bug.cgi?id=1236066
• https://bugzilla.suse.com/show_bug.cgi?id=1236799
• https://bugzilla.suse.com/show_bug.cgi?id=1237536
• https://bugzilla.suse.com/show_bug.cgi?id=1238481
• https://bugzilla.suse.com/show_bug.cgi?id=1239636
• https://bugzilla.suse.com/show_bug.cgi?id=1240565
• https://bugzilla.suse.com/show_bug.cgi?id=1241013
• https://bugzilla.suse.com/show_bug.cgi?id=1243241
• https://bugzilla.suse.com/show_bug.cgi?id=1243679
• https://bugzilla.suse.com/show_bug.cgi?id=1243768
• https://bugzilla.suse.com/show_bug.cgi?id=1243808
• https://bugzilla.suse.com/show_bug.cgi?id=1243876
• https://bugzilla.suse.com/show_bug.cgi?id=1243881
• https://bugzilla.suse.com/show_bug.cgi?id=1244177
• https://bugzilla.suse.com/show_bug.cgi?id=1244542
• https://bugzilla.suse.com/show_bug.cgi?id=1244648
• https://bugzilla.suse.com/show_bug.cgi?id=1244724
• https://bugzilla.suse.com/show_bug.cgi?id=1245241
• https://bugzilla.suse.com/show_bug.cgi?id=1245307
• https://bugzilla.suse.com/show_bug.cgi?id=1245405
• https://bugzilla.suse.com/show_bug.cgi?id=1245766
• https://bugzilla.suse.com/show_bug.cgi?id=1246421
• https://bugzilla.suse.com/show_bug.cgi?id=1246981
• https://bugzilla.suse.com/show_bug.cgi?id=1247038
• https://bugzilla.suse.com/show_bug.cgi?id=1248741
• https://bugzilla.suse.com/show_bug.cgi?id=1248804
• https://bugzilla.suse.com/show_bug.cgi?id=1249502
• https://bugzilla.suse.com/show_bug.cgi?id=1251864
• https://bugzilla.suse.com/show_bug.cgi?id=1251995
• https://bugzilla.suse.com/show_bug.cgi?id=1252937
• https://bugzilla.suse.com/show_bug.cgi?id=1253024
• https://bugzilla.suse.com/show_bug.cgi?id=1253068
• https://bugzilla.suse.com/show_bug.cgi?id=1253158
• https://bugzilla.suse.com/show_bug.cgi?id=1253322
• https://bugzilla.suse.com/show_bug.cgi?id=1253501
• https://bugzilla.suse.com/show_bug.cgi?id=1253773
• https://bugzilla.suse.com/show_bug.cgi?id=1255298
• https://bugzilla.suse.com/show_bug.cgi?id=1257538
• https://jira.suse.com/browse/MSQA-1046
• https://jira.suse.com/browse/SUMA-406