Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-2025:20124-1
Release Date: 2025-02-13T08:40:08Z
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
  • CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-22037 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Linux Micro 6.0

An update that solves one vulnerability, contains one feature and has 16 fixes can now be installed.

Description:

This update fixes the following issues:

salt:

  • Revert setting SELinux context for minion service (bsc#1233667)
  • Removed System V init support
  • Fix the condition of alternatives for Tumbleweed and Leap 16
  • Build all python bindings for all flavors
  • Make minion reconnecting on changing master IP (bsc#1228182)
  • Handle logger exception when flushing already closed file
  • Include passlib as a recommended dependency
  • Make Salt Bundle more tolerant to long running jobs (bsc#1228690)

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

  • Security issues fixed:
  • CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
  • Other changes and bugs fixed:
  • Version 0.1.27-0
    • Bump the default image tag to 5.0.3
    • IsInstalled function fix
    • Run systemctl daemon-reload after changing the container image config (bsc#1233279)
    • Coco-replicas-upgrade
    • Persist search server indexes (bsc#1231759)
    • Sync deletes files during migration (bsc#1233660)
    • Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
    • Add --registry back to mgrpxy (bsc#1233202)
    • Only add java.hostname on migrated server if not present
    • Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
    • Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
    • Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
  • Version 0.1.26-0
    • Ignore all zypper caches during migration (bsc#1232769)
    • Use the uyuni network for all podman containers (bsc#1232817)
  • Version 0.1.25-0
    • Don't migrate enabled systemd services, recreate them (bsc#1232575)
  • Version 0.1.24-0
    • Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

venv-salt-minion:

  • Included D-Bus python module for SUSE distros (bsc#1231618)
  • Reverted setting SELinux context for minion service (bsc#1233667)
  • Make minion reconnecting on changing master IP (bsc#1228182)
  • Fixed post_start_cleanup.sh shebang to work on all systems
  • Handle logger exception when flushing already closed file
  • Made Salt Bundle more tolerant to long running jobs (bsc#1228690)
  • Modified:
  • include-rpm
  • filter-requires.sh

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-211=1

Package List:

  • SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
    • salt-minion-3006.0-9.1
    • salt-3006.0-9.1
    • python311-salt-3006.0-9.1
    • salt-master-3006.0-9.1
    • salt-transactional-update-3006.0-9.1

References: