Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

Announcement ID:	SUSE-SU-2026:1141-1
Release Date:	2026-03-30T09:16:09Z
Rating:	moderate
References:	bsc#1254256 bsc#1254257 bsc#1254903 bsc#1254904 bsc#1254905 bsc#1257447 bsc#1258015 jsc#MSQA-1044
Cross-References:	CVE-2025-62348 CVE-2025-62349 CVE-2025-67724 CVE-2025-67725 CVE-2025-67726
CVSS scores:	CVE-2025-62348 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-62348 ( NVD ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-62348 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-62349 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L CVE-2025-62349 ( NVD ): 7.5 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-62349 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 8, RHEL and clones

An update that solves five vulnerabilities, contains one feature and has two security fixes can now be installed.

Description:

This update fixes the following issues:

spacecmd:

• Version 5.2.6-0
• Update translation strings

uyuni-tools:

• Version 5.2.5-0
• Remove migrate command
• Remove template script from mgradm: use the one in the image
• Split the TFTP server into a separate container
• Explicitly start proxy pods after operations (bsc#1258015)
• Adjust mgrctl server filter to work with the new helm chart labels
• Remove hub register command
• Remove the Kubernetes install and upgrade from mgrpxy
• Optimize postgres migration disk space usage (bsc#1257447)

venv-salt-minion:

• Fix the typo causing buiding EL9 bundle without binary dependencies
• Backport security patches for Salt vendored tornado:
• CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
• CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
• CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
• CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257)
• CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 8, RHEL and clones
  zypper in -t patch SUSE-MultiLinuxManagerTools-Beta-EL-8-2026-1141=1

Package List:

• SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 8, RHEL and clones (aarch64 ppc64le x86_64)
  • venv-salt-minion-3006.0-80052.6.3.2
  • golang-github-prometheus-node_exporter-1.9.1-80052.3.2.3
  • mgrctl-5.2.5-80052.4.3.3
• SUSE Multi-Linux Manager Beta Client Tools for SUSE Liberty Linux 8, RHEL and clones (noarch)
  • spacecmd-5.2.6-80052.4.3.2
  • mgrctl-bash-completion-5.2.5-80052.4.3.3
  • scap-security-guide-redhat-0.1.79-80052.4.2.3
  • mgrctl-zsh-completion-5.2.5-80052.4.3.3

References:

• https://www.suse.com/security/cve/CVE-2025-62348.html
• https://www.suse.com/security/cve/CVE-2025-62349.html
• https://www.suse.com/security/cve/CVE-2025-67724.html
• https://www.suse.com/security/cve/CVE-2025-67725.html
• https://www.suse.com/security/cve/CVE-2025-67726.html
• https://bugzilla.suse.com/show_bug.cgi?id=1254256
• https://bugzilla.suse.com/show_bug.cgi?id=1254257
• https://bugzilla.suse.com/show_bug.cgi?id=1254903
• https://bugzilla.suse.com/show_bug.cgi?id=1254904
• https://bugzilla.suse.com/show_bug.cgi?id=1254905
• https://bugzilla.suse.com/show_bug.cgi?id=1257447
• https://bugzilla.suse.com/show_bug.cgi?id=1258015
• https://jira.suse.com/browse/MSQA-1044