Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Announcement ID:	SUSE-SU-2025:02476-1
Release Date:	2025-07-23T12:37:13Z
Rating:	critical
References:	bsc#1157520 bsc#1191142 bsc#1209060 bsc#1211373 bsc#1213952 bsc#1216187 bsc#1221031 bsc#1225740 bsc#1230403 bsc#1230908 bsc#1233371 bsc#1234608 bsc#1236601 bsc#1236635 bsc#1236779 bsc#1236810 bsc#1236877 bsc#1236910 bsc#1237060 bsc#1237082 bsc#1237294 bsc#1237403 bsc#1237581 bsc#1237694 bsc#1237770 bsc#1238922 bsc#1238924 bsc#1239102 bsc#1239154 bsc#1239604 bsc#1239743 bsc#1239826 bsc#1239868 bsc#1239907 bsc#1240038 bsc#1240386 bsc#1240666 bsc#1240842 bsc#1241239 bsc#1241286 bsc#1241455 bsc#1241490 bsc#1242004 bsc#1242030 bsc#1242148 bsc#1242554 bsc#1242911 bsc#1243239 bsc#1243460 bsc#1243724 bsc#1243825 bsc#1244065 bsc#1244290 bsc#1245005 bsc#1245027 bsc#1245222 bsc#1245368 bsc#1246119 jsc#MSQA-993
Cross-References:	CVE-2024-38822 CVE-2024-38823 CVE-2024-38824 CVE-2024-38825 CVE-2025-22236 CVE-2025-22237 CVE-2025-22238 CVE-2025-22239 CVE-2025-22240 CVE-2025-22241 CVE-2025-22242 CVE-2025-23392 CVE-2025-23393 CVE-2025-46809 CVE-2025-46811
CVSS scores:	CVE-2024-38822 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2024-38822 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2024-38822 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2024-38823 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2024-38823 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2024-38823 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVE-2024-38824 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVE-2024-38824 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVE-2024-38824 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N CVE-2024-38824 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2024-38825 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVE-2024-38825 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE-2024-38825 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVE-2025-22236 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L CVE-2025-22236 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L CVE-2025-22236 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L CVE-2025-22237 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22237 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-22237 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-22238 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-22238 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVE-2025-22238 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVE-2025-22239 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L CVE-2025-22239 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L CVE-2025-22239 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L CVE-2025-22240 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-22240 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2025-22240 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2025-22241 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVE-2025-22241 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N CVE-2025-22241 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N CVE-2025-22242 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-22242 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-22242 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H CVE-2025-23392 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-23392 ( SUSE ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N CVE-2025-23392 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-23392 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N CVE-2025-23393 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H CVE-2025-23393 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2025-23393 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-23393 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N CVE-2025-46809 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N CVE-2025-46809 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVE-2025-46811 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-46811 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that solves 15 vulnerabilities, contains one feature and has 43 security fixes can now be installed.

Security update 4.3.16 for Multi-Linux Manager Proxy and Retail Branch Server

Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

• Update to SUSE Manager 4.3.16
• CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2025-46809
• Bugs mentioned: bsc#1236601, bsc#1236635, bsc#1236779, bsc#1237294, bsc#1238922 bsc#1239826, bsc#1240386, bsc#1242004, bsc#1243460, bsc#1245222 bsc#1245005

Security update 4.3.16 for Multi-Linux Manager Server

Description:

This update fixes the following issues:

release-notes-susemanager:

• Update to SUSE Manager 4.3.16
• Important Salt Security Update
• Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt Bundle
• CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239 CVE-2025-22236, CVE-2025-22237, CVE-2024-38825, CVE-2025-22240 CVE-2024-38823, CVE-2025-22241, CVE-2025-22238, CVE-2025-22242 CVE-2024-38822, CVE-2025-46811, CVE-2025-46809
• Bugs mentioned: bsc#1157520, bsc#1191142, bsc#1209060, bsc#1211373, bsc#1213952 bsc#1216187, bsc#1221031, bsc#1225740, bsc#1230403, bsc#1230908 bsc#1233371, bsc#1234608, bsc#1236635, bsc#1236779, bsc#1236810 bsc#1236877, bsc#1236910, bsc#1237060, bsc#1237082, bsc#1237294 bsc#1237403, bsc#1237581, bsc#1237694, bsc#1237770, bsc#1238922 bsc#1238924, bsc#1239102, bsc#1239154, bsc#1239604, bsc#1239743 bsc#1239826, bsc#1239868, bsc#1239907, bsc#1240038, bsc#1240386 bsc#1240666, bsc#1240842, bsc#1241239, bsc#1241286, bsc#1241455 bsc#1241490, bsc#1242004, bsc#1242030, bsc#1242148, bsc#1242554 bsc#1242911, bsc#1243239, bsc#1243460, bsc#1243724, bsc#1243825 bsc#1244065, bsc#1244290, bsc#1245027, bsc#1245222, bsc#1245368 bsc#1245005, bsc#1246119

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2025-2476=1
• SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2476=1
• openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-2476=1
• SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2476=1

Package List:

• SUSE Manager Retail Branch Server 4.3 (noarch)
  • release-notes-susemanager-proxy-4.3.16-150400.3.98.1
• SUSE Manager Server 4.3 (noarch)
  • release-notes-susemanager-4.3.16-150400.3.140.1
• openSUSE Leap 15.4 (noarch)
  • release-notes-susemanager-proxy-4.3.16-150400.3.98.1
  • release-notes-susemanager-4.3.16-150400.3.140.1
• SUSE Manager Proxy 4.3 (noarch)
  • release-notes-susemanager-proxy-4.3.16-150400.3.98.1

References:

• https://www.suse.com/security/cve/CVE-2024-38822.html
• https://www.suse.com/security/cve/CVE-2024-38823.html
• https://www.suse.com/security/cve/CVE-2024-38824.html
• https://www.suse.com/security/cve/CVE-2024-38825.html
• https://www.suse.com/security/cve/CVE-2025-22236.html
• https://www.suse.com/security/cve/CVE-2025-22237.html
• https://www.suse.com/security/cve/CVE-2025-22238.html
• https://www.suse.com/security/cve/CVE-2025-22239.html
• https://www.suse.com/security/cve/CVE-2025-22240.html
• https://www.suse.com/security/cve/CVE-2025-22241.html
• https://www.suse.com/security/cve/CVE-2025-22242.html
• https://www.suse.com/security/cve/CVE-2025-23392.html
• https://www.suse.com/security/cve/CVE-2025-23393.html
• https://www.suse.com/security/cve/CVE-2025-46809.html
• https://www.suse.com/security/cve/CVE-2025-46811.html
• https://bugzilla.suse.com/show_bug.cgi?id=1157520
• https://bugzilla.suse.com/show_bug.cgi?id=1191142
• https://bugzilla.suse.com/show_bug.cgi?id=1209060
• https://bugzilla.suse.com/show_bug.cgi?id=1211373
• https://bugzilla.suse.com/show_bug.cgi?id=1213952
• https://bugzilla.suse.com/show_bug.cgi?id=1216187
• https://bugzilla.suse.com/show_bug.cgi?id=1221031
• https://bugzilla.suse.com/show_bug.cgi?id=1225740
• https://bugzilla.suse.com/show_bug.cgi?id=1230403
• https://bugzilla.suse.com/show_bug.cgi?id=1230908
• https://bugzilla.suse.com/show_bug.cgi?id=1233371
• https://bugzilla.suse.com/show_bug.cgi?id=1234608
• https://bugzilla.suse.com/show_bug.cgi?id=1236601
• https://bugzilla.suse.com/show_bug.cgi?id=1236635
• https://bugzilla.suse.com/show_bug.cgi?id=1236779
• https://bugzilla.suse.com/show_bug.cgi?id=1236810
• https://bugzilla.suse.com/show_bug.cgi?id=1236877
• https://bugzilla.suse.com/show_bug.cgi?id=1236910
• https://bugzilla.suse.com/show_bug.cgi?id=1237060
• https://bugzilla.suse.com/show_bug.cgi?id=1237082
• https://bugzilla.suse.com/show_bug.cgi?id=1237294
• https://bugzilla.suse.com/show_bug.cgi?id=1237403
• https://bugzilla.suse.com/show_bug.cgi?id=1237581
• https://bugzilla.suse.com/show_bug.cgi?id=1237694
• https://bugzilla.suse.com/show_bug.cgi?id=1237770
• https://bugzilla.suse.com/show_bug.cgi?id=1238922
• https://bugzilla.suse.com/show_bug.cgi?id=1238924
• https://bugzilla.suse.com/show_bug.cgi?id=1239102
• https://bugzilla.suse.com/show_bug.cgi?id=1239154
• https://bugzilla.suse.com/show_bug.cgi?id=1239604
• https://bugzilla.suse.com/show_bug.cgi?id=1239743
• https://bugzilla.suse.com/show_bug.cgi?id=1239826
• https://bugzilla.suse.com/show_bug.cgi?id=1239868
• https://bugzilla.suse.com/show_bug.cgi?id=1239907
• https://bugzilla.suse.com/show_bug.cgi?id=1240038
• https://bugzilla.suse.com/show_bug.cgi?id=1240386
• https://bugzilla.suse.com/show_bug.cgi?id=1240666
• https://bugzilla.suse.com/show_bug.cgi?id=1240842
• https://bugzilla.suse.com/show_bug.cgi?id=1241239
• https://bugzilla.suse.com/show_bug.cgi?id=1241286
• https://bugzilla.suse.com/show_bug.cgi?id=1241455
• https://bugzilla.suse.com/show_bug.cgi?id=1241490
• https://bugzilla.suse.com/show_bug.cgi?id=1242004
• https://bugzilla.suse.com/show_bug.cgi?id=1242030
• https://bugzilla.suse.com/show_bug.cgi?id=1242148
• https://bugzilla.suse.com/show_bug.cgi?id=1242554
• https://bugzilla.suse.com/show_bug.cgi?id=1242911
• https://bugzilla.suse.com/show_bug.cgi?id=1243239
• https://bugzilla.suse.com/show_bug.cgi?id=1243460
• https://bugzilla.suse.com/show_bug.cgi?id=1243724
• https://bugzilla.suse.com/show_bug.cgi?id=1243825
• https://bugzilla.suse.com/show_bug.cgi?id=1244065
• https://bugzilla.suse.com/show_bug.cgi?id=1244290
• https://bugzilla.suse.com/show_bug.cgi?id=1245005
• https://bugzilla.suse.com/show_bug.cgi?id=1245027
• https://bugzilla.suse.com/show_bug.cgi?id=1245222
• https://bugzilla.suse.com/show_bug.cgi?id=1245368
• https://bugzilla.suse.com/show_bug.cgi?id=1246119
• https://jira.suse.com/browse/MSQA-993