Security update for SUSE Manager Client Tools MU 5.0.3

Announcement ID:	SUSE-SU-2025:0529-1
Release Date:	2025-02-14T07:19:47Z
Rating:	moderate
References:	bsc#1229079 bsc#1229104 bsc#1231497 bsc#1231568 bsc#1231759 bsc#1232575 bsc#1232769 bsc#1232817 bsc#1233202 bsc#1233279 bsc#1233630 bsc#1233660 bsc#1234123 jsc#MSQA-914
Cross-References:	CVE-2024-22037
CVSS scores:	CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-22037 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Manager Client Tools for Debian 12

An update that solves one vulnerability, contains one feature and has 12 security fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd was updated to version 5.0.11-0:

• Updated translation strings

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

• Security issues fixed:
• CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
• Other changes and bugs fixed:
• Version 0.1.27-0
  • Bump the default image tag to 5.0.3
  • IsInstalled function fix
  • Run systemctl daemon-reload after changing the container image config (bsc#1233279)
  • Coco-replicas-upgrade
  • Persist search server indexes (bsc#1231759)
  • Sync deletes files during migration (bsc#1233660)
  • Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
  • Add --registry back to mgrpxy (bsc#1233202)
  • Only add java.hostname on migrated server if not present
  • Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
  • Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
  • Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
• Version 0.1.26-0
  • Ignore all zypper caches during migration (bsc#1232769)
  • Use the uyuni network for all podman containers (bsc#1232817)
• Version 0.1.25-0
  • Don't migrate enabled systemd services, recreate them (bsc#1232575)
• Version 0.1.24-0
  • Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools for Debian 12
  zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2025-529=1

Package List:

• SUSE Manager Client Tools for Debian 12 (all)
  • mgrctl-fish-completion-0.1.28-2.16.1
  • mgrctl-bash-completion-0.1.28-2.16.1
  • spacecmd-5.0.11-3.26.1
  • mgrctl-zsh-completion-0.1.28-2.16.1
• SUSE Manager Client Tools for Debian 12 (amd64)
  • mgrctl-0.1.28-2.16.1

References:

• https://www.suse.com/security/cve/CVE-2024-22037.html
• https://bugzilla.suse.com/show_bug.cgi?id=1229079
• https://bugzilla.suse.com/show_bug.cgi?id=1229104
• https://bugzilla.suse.com/show_bug.cgi?id=1231497
• https://bugzilla.suse.com/show_bug.cgi?id=1231568
• https://bugzilla.suse.com/show_bug.cgi?id=1231759
• https://bugzilla.suse.com/show_bug.cgi?id=1232575
• https://bugzilla.suse.com/show_bug.cgi?id=1232769
• https://bugzilla.suse.com/show_bug.cgi?id=1232817
• https://bugzilla.suse.com/show_bug.cgi?id=1233202
• https://bugzilla.suse.com/show_bug.cgi?id=1233279
• https://bugzilla.suse.com/show_bug.cgi?id=1233630
• https://bugzilla.suse.com/show_bug.cgi?id=1233660
• https://bugzilla.suse.com/show_bug.cgi?id=1234123
• https://jira.suse.com/browse/MSQA-914