Security update 5.1.2 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:0625-1
Release Date: 2026-02-25T09:41:52Z
Rating: important
CVSS scores:
  • CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones

An update that solves three vulnerabilities, contains two features and has 24 security fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

  • Non-customer-facing optimization around source building

golang-github-lusitaniae-apache_exporter:

  • Build without apparmor for openSUSE Leap 16, SLES 16 or newer
  • Require Go 1.23 for building
  • Update to version 1.0.10
  • Update github.com/prometheus/client_golang to 1.21.1
  • Update github.com/prometheus/common to 0.63.0
  • Update github.com/prometheus/exporter-toolkit to 0.14.0
  • Update to version 1.0.9
  • Update github.com/prometheus/client_golang to 1.20.4
  • Update github.com/prometheus/common to 0.59.1
  • Update github.com/prometheus/exporter-toolkit to 0.13.0
  • Migrate logging to log/slog
  • Fix signal handler logging

scap-security-guide:

  • Updated to 0.1.79 (jsc#ECO-3319)
    • Add rhcos4 Profile for BSI Grundschutz
    • Create SLE15 general profile
    • Remove OCP STIG V1R1
    • Remove OCP STIG V2R1
    • Various updates for SLE 12/15
  • Updated to 0.1.78 (jsc#ECO-3319)
    • Enable SCE content for problematic rules that can traverse the whole filesystem
    • Remove unnecessary Jinja2 macros in control files
    • Update RHEL 8 STIG to V2R4 and RHEL 9 STIG to V2R5
    • Add Debian 13 profile for ANSSI BP 28 (enhanced)
    • Create SLEM5 General profile
    • Create SL Micro 6 product and general profile
    • Update SLE15 STIG version to V2R5
    • Update SLE12 STIG version to V3R3
    • Update SLEM5 STIG version to V1R2
  • Remove the CIS profiles from all products
  • Remove the CIS profiles from the tarball

spacecmd:

  • Version 5.1.12-0
  • Fix spacecmd binary file upload (bsc#1253659)
  • Fix typo in spacecmd help ca-cert flag (bsc#1253174)
  • Convert cached IDs to int (bsc#1251995)
  • Fix methods in api namespace in spacecmd (bsc#1249532)
  • Make caching code Py 2.7 compatible
  • Use JSON instead of pickle for spacecmd cache (bsc#1227579)
  • Python 2.7 cannot re-raise exceptions

uyuni-tools:

  • Version 5.1.24-0
  • Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400)
  • Handle CA files with symlinks during migration (bsc#1251044)
  • Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
  • Fix systemd object initialization in server rename (bsc#1250981)
  • Add SSL secrets to the db setup container during migration (bsc#1250976)
  • Fix images handling in mgrpxy support ptf (bsc#1250940)
  • Fix helm upgrade parameters (bsc#1253966)
  • Detect custom apache and squid config in the /etc/uyuni/proxy folder
  • Add ssh tuning to configure sshd (bsc#1253738)
  • Move the SSL checks at the beginning of the migration
  • Remove cgroup mount for podman containers (bsc#1253347)
  • Convert the traefik install time to local time (bsc#1251138)
  • During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478)
  • Read env var from http conf file (bsc#1253282)
  • Add --registry-host, --registry-user and --registry-password to pull images from an authenticated registry
  • Deprecate --registry
  • Unify backup create and restore dryrun option case
  • Fix calling of squid -z in mgrpxy cache clear (bsc#1247644)
  • Always start database container even if enabled
  • Remove extra ipv6 mapping and nftables workaround (bsc#1248848)
  • Remove old PostgreSQL exporter environment file before migration
  • Make the support config command parse supportconfig output correctly (bsc#1255781)
  • Version 5.1.23-0
  • Update the default tag
  • Version 5.1.22-0
  • Fix cobbler config migration to standalone files
  • Fix generated DB certificate subject alternate names
  • Version 5.1.21-0
  • Remove extraneous quotes when getting the running image (bsc#1249434)

venv-salt-minion:

  • Backport security patches for Salt vendored tornado:
    • CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
    • CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
    • CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
  • Make syntax in httputil_test compatible with Python 3.6
  • Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
  • Use internal deb classes instead of external aptsource lib
  • Speed up wheel key.finger call (bsc#1240532)
  • Simplify and speed up utils.find_json function (bsc#1246130)
  • Extend warn_until period to 2027

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones
    zypper in -t patch SUSE-MultiLinuxManagerTools-EL-9-2026-625=1

Package List:

  • SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x x86_64)
    • golang-github-lusitaniae-apache_exporter-1.0.10-90002.3.3.1
    • golang-github-QubitProducts-exporter_exporter-0.4.0-90002.3.3.1
    • golang-github-QubitProducts-exporter_exporter-debugsource-0.4.0-90002.3.3.1
    • golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-90002.3.3.1
    • venv-salt-minion-3006.0-90002.5.9.1
  • SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x)
    • mgrctl-5.1.24-90002.3.6.1
  • SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (noarch)
    • mgrctl-zsh-completion-5.1.24-90002.3.6.1
    • spacecmd-5.1.12-90002.3.6.1
    • scap-security-guide-redhat-0.1.79-90002.3.6.1
    • mgrctl-bash-completion-5.1.24-90002.3.6.1
