Security update 5.1.2 for Multi-Linux Manager Client Tools

Announcement ID:	SUSE-SU-2026:0627-1
Release Date:	2026-02-25T09:44:02Z
Rating:	important
References:	bsc#1227579 bsc#1240532 bsc#1246130 bsc#1249532 bsc#1251995 bsc#1253174 bsc#1253659 bsc#1254325 bsc#1254903 bsc#1254904 bsc#1254905 jsc#MSQA-1040
Cross-References:	CVE-2025-67724 CVE-2025-67725 CVE-2025-67726
CVSS scores:	CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones

An update that solves three vulnerabilities, contains one feature and has eight security fixes can now be installed.

Description:

This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

• Non-customer-facing optimization around source building

golang-github-lusitaniae-apache_exporter:

• Build without apparmor for openSUSE Leap 16, SLES 16 or newer
• Require Go 1.23 for building
• Update to version 1.0.10
• Update github.com/prometheus/client_golang to 1.21.1
• Update github.com/prometheus/common to 0.63.0
• Update github.com/prometheus/exporter-toolkit to 0.14.0
• Update to version 1.0.9
• Update github.com/prometheus/client_golang to 1.20.4
• Update github.com/prometheus/common to 0.59.1
• Update github.com/prometheus/exporter-toolkit to 0.13.0
• Migrate logging to log/slog
• Fix signal handler logging

mgr-push:

• Version 5.1.5-0
• Non-customer-facing optimization and update

rhnlib:

• Version 5.1.4-0
• Non-customer-facing optimization and update

spacecmd:

• Version 5.1.12-0
• Fix spacecmd binary file upload (bsc#1253659)
• Fix typo in spacecmd help ca-cert flag (bsc#1253174)
• Convert cached IDs to int (bsc#1251995)
• Fix methods in api namespace in spacecmd (bsc#1249532)
• Make caching code Py 2.7 compatible
• Use JSON instead of pickle for spacecmd cache (bsc#1227579)
• Python 2.7 cannot re-raise exceptions

spacewalk-client-tools:

• Version 5.1.8-0
• Non-customer-facing optimization and update

uyuni-common-libs:

• Version 5.1.5-0
• Non-customer-facing optimization and update

venv-salt-minion:

• Backport security patches for Salt vendored tornado:
• CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
• CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
• CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
• Make syntax in httputil_test compatible with Python 3.6
• Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
• Use internal deb classes instead of external aptsource lib
• Speed up wheel key.finger call (bsc#1240532)
• Simplify and speed up utils.find_json function (bsc#1246130)
• Extend warn_until period to 2027

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones
  zypper in -t patch SUSE-MultiLinuxManagerTools-RES-7-2026-627=1

Package List:

• SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (aarch64 ppc64le x86_64)
  • python2-uyuni-common-libs-5.1.5-70002.3.3.1
  • golang-github-lusitaniae-apache_exporter-1.0.10-70002.3.3.1
  • venv-salt-minion-3006.0-70002.5.9.1
  • golang-github-QubitProducts-exporter_exporter-0.4.0-70002.3.3.1
• SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (noarch)
  • python2-spacewalk-client-tools-5.1.8-70002.3.6.1
  • python2-mgr-push-5.1.5-70002.3.6.2
  • python2-rhnlib-5.1.4-70002.3.6.1
  • spacewalk-client-tools-5.1.8-70002.3.6.1
  • mgr-push-5.1.5-70002.3.6.2
  • spacecmd-5.1.12-70002.3.6.1

References:

• https://www.suse.com/security/cve/CVE-2025-67724.html
• https://www.suse.com/security/cve/CVE-2025-67725.html
• https://www.suse.com/security/cve/CVE-2025-67726.html
• https://bugzilla.suse.com/show_bug.cgi?id=1227579
• https://bugzilla.suse.com/show_bug.cgi?id=1240532
• https://bugzilla.suse.com/show_bug.cgi?id=1246130
• https://bugzilla.suse.com/show_bug.cgi?id=1249532
• https://bugzilla.suse.com/show_bug.cgi?id=1251995
• https://bugzilla.suse.com/show_bug.cgi?id=1253174
• https://bugzilla.suse.com/show_bug.cgi?id=1253659
• https://bugzilla.suse.com/show_bug.cgi?id=1254325
• https://bugzilla.suse.com/show_bug.cgi?id=1254903
• https://bugzilla.suse.com/show_bug.cgi?id=1254904
• https://bugzilla.suse.com/show_bug.cgi?id=1254905
• https://jira.suse.com/browse/MSQA-1040