Maintenance update for Multi-Linux Manager 4.3 LTS Release Notes Release Notes

Announcement ID:	SUSE-SU-2025:3827-1
Release Date:	2025-10-28T07:26:58Z
Rating:	important
References:	bsc#1227577 bsc#1246277 bsc#1246439 bsc#1248252 jsc#MSQA-1026
Cross-References:	CVE-2025-53192 CVE-2025-53880 CVE-2025-53883
CVSS scores:	CVE-2025-53192 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-53192 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L CVE-2025-53192 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2025-53880 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-53880 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.4 SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.3 LTS SUSE Manager Retail Branch Server 4.3 SUSE Manager Retail Branch Server 4.3 LTS SUSE Manager Server 4.3 SUSE Manager Server 4.3 LTS

An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed.

Security update 4.3.16.1 for SUSE Manager Proxy and Retail Branch Release Notes

Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

• Update to SUSE Manager 4.3.16.1
• CVEs Fixed: CVE-2025-53883
• Bugs mentioned: bsc#1246277, bsc#1227577

Security update 4.3.16.1 for SUSE Manager Server Release Notes

Description:

This update fixes the following issues:

release-notes-susemanager:

• Update to SUSE Manager 4.3.16.1
• CVEs Fixed: CVE-2025-53883, CVE-2025-53880, CVE-2025-53192
• Bugs mentioned: bsc#1246439, bsc#1246277, bsc#1248252

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4
  zypper in -t patch SUSE-2025-3827=1
• SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3827=1
• SUSE Manager Retail Branch Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-LTS-2025-3827=1
• SUSE Manager Server 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3827=1

Package List:

• openSUSE Leap 15.4 (noarch)
  • release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2
  • release-notes-susemanager-4.3.16.1-150400.3.143.2
• SUSE Manager Proxy 4.3 LTS (noarch)
  • release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2
• SUSE Manager Retail Branch Server 4.3 LTS (noarch)
  • release-notes-susemanager-proxy-4.3.16.1-150400.3.101.2
• SUSE Manager Server 4.3 LTS (noarch)
  • release-notes-susemanager-4.3.16.1-150400.3.143.2

References:

• https://www.suse.com/security/cve/CVE-2025-53192.html
• https://www.suse.com/security/cve/CVE-2025-53880.html
• https://www.suse.com/security/cve/CVE-2025-53883.html
• https://bugzilla.suse.com/show_bug.cgi?id=1227577
• https://bugzilla.suse.com/show_bug.cgi?id=1246277
• https://bugzilla.suse.com/show_bug.cgi?id=1246439
• https://bugzilla.suse.com/show_bug.cgi?id=1248252
• https://jira.suse.com/browse/MSQA-1026