Security update for warewulf4

Announcement ID:	SUSE-SU-2025:03448-1
Release Date:	2025-10-02T07:15:03Z
Rating:	moderate
References:	bsc#1227465 bsc#1227686 bsc#1246082 bsc#1248768 bsc#1248906
Cross-References:	CVE-2025-58058
CVSS scores:	CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-58058 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:	HPC Module 15-SP6 HPC Module 15-SP7 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7

An update that solves one vulnerability and has four security fixes can now be installed.

Description:

This update for warewulf4 fixes the following issues:

Update to version 4.6.4.

Security issues fixed:

• CVE-2025-58058: xz: excessive memory consuption when unpacking a large number of corrupted LZMA archives (bsc#1248906).

Other issues fixed:

• Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768).
• Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686, bsc#1227465).
• Mark slurm as recommeneded in the warewulf4-overlay-slurm package (bsc#1246082).

• Switch to dnsmasq as default DHCP and TFTP provider.

• v4.6.4 release updates:

• Update NetworkManager Overlay
  • Disable IPv4 in NetworkManager if no address or route is specified
• Fix(wwctl): create overlay edit tempfile in tmpdir
• Add default for systemd name for warewulf in warewulf.conf
• Atomic overlay file application in wwclient
• Simpler names for overlay methods

• Fix warewulfd API behavior when deleting distribution overlay

• v4.6.3 release updates:

• IPv6 iPXE support
• Fix a race condition in wwctl overlay edit
• Fixed handling of comma-separated mount options in fstab and ignition overlays
• Move reexec.Init() to beginning of wwctl
• Added warewuld configure option
• Address copilot review from #1945
• Bugfix: cloning a site overlay when parent dir does not exist
• Clone to a site overlay when adding files in wwapi
• Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
• Support for creating and updating overlay file in wwapi
• Only return overlay files that refer to a path within the overlay
• Add overlay file deletion support
• DELETE /api/overlays/{id}?force=true can delete overlays in use
• Restore idempotency of PUT /api/nodes/{id}
• Simplify overlay mtime API and add tests
• Add node overlay buildtime
• Improved netplan support

• Rebuild overlays for discovered nodes

• v4.6.2 release updates:

• (preview) support for provisioning to local disk

• incoperated from v4.6.1:

• REST API, which is disabled in the default configuration

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.5
  zypper in -t patch SUSE-2025-3448=1
• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-3448=1
• HPC Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-3448=1
• HPC Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2025-3448=1

Package List:

• openSUSE Leap 15.5 (aarch64 x86_64)
  • warewulf4-overlay-4.6.4-150500.6.37.1
  • warewulf4-4.6.4-150500.6.37.1
• openSUSE Leap 15.5 (noarch)
  • warewulf4-overlay-slurm-4.6.4-150500.6.37.1
  • warewulf4-man-4.6.4-150500.6.37.1
  • warewulf4-dracut-4.6.4-150500.6.37.1
  • warewulf4-overlay-rke2-4.6.4-150500.6.37.1
  • warewulf4-reference-doc-4.6.4-150500.6.37.1
• openSUSE Leap 15.6 (aarch64 x86_64)
  • warewulf4-overlay-4.6.4-150500.6.37.1
  • warewulf4-4.6.4-150500.6.37.1
• openSUSE Leap 15.6 (noarch)
  • warewulf4-overlay-slurm-4.6.4-150500.6.37.1
  • warewulf4-man-4.6.4-150500.6.37.1
  • warewulf4-reference-doc-4.6.4-150500.6.37.1
  • warewulf4-dracut-4.6.4-150500.6.37.1
• HPC Module 15-SP6 (aarch64 x86_64)
  • warewulf4-overlay-4.6.4-150500.6.37.1
  • warewulf4-4.6.4-150500.6.37.1
• HPC Module 15-SP6 (noarch)
  • warewulf4-overlay-slurm-4.6.4-150500.6.37.1
  • warewulf4-man-4.6.4-150500.6.37.1
  • warewulf4-reference-doc-4.6.4-150500.6.37.1
  • warewulf4-dracut-4.6.4-150500.6.37.1
• HPC Module 15-SP7 (aarch64 x86_64)
  • warewulf4-overlay-4.6.4-150500.6.37.1
  • warewulf4-4.6.4-150500.6.37.1
• HPC Module 15-SP7 (noarch)
  • warewulf4-overlay-slurm-4.6.4-150500.6.37.1
  • warewulf4-man-4.6.4-150500.6.37.1
  • warewulf4-reference-doc-4.6.4-150500.6.37.1
  • warewulf4-dracut-4.6.4-150500.6.37.1

References:

• https://www.suse.com/security/cve/CVE-2025-58058.html
• https://bugzilla.suse.com/show_bug.cgi?id=1227465
• https://bugzilla.suse.com/show_bug.cgi?id=1227686
• https://bugzilla.suse.com/show_bug.cgi?id=1246082
• https://bugzilla.suse.com/show_bug.cgi?id=1248768
• https://bugzilla.suse.com/show_bug.cgi?id=1248906