SUSE alert openSUSE-SU-2025-20031-1 (warewulf4)
From: meissner@suse.com
To: security-announce@lists.opensuse.org
Subject: openSUSE-SU-2025-20031-1: important: Security update for warewulf4
Date: Tue, 11 Nov 2025 13:08:08 +0100
Message-ID: <20251111120808.58FA6FBA0@maintenance.suse.de>

openSUSE security update: security update for warewulf4
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2025-20031-1
Rating: important

References:

  * bsc#1227465
  * bsc#1227686
  * bsc#1246082
  * bsc#1248768
  * bsc#1248906

Cross-References:

  * CVE-2025-58058

CVSS scores:

  * CVE-2025-58058 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-58058 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 5 bug fixes can now be installed.

Description:

This update for warewulf4 fixes the following issues:

Changes in warewulf4:

- Update to version 4.6.4:
  * v4.6.4 release updates
  * Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768)
  * Update NetworkManager Overlay
  * Disable ipv4 in NetworkManager if no address or route is specified
  * fix(wwctl): Create overlay edit tempfile in tmpdir
  * Add default for systemd name for warewulf in warewulf.conf
  * Atomic overlay file application in wwclient
  * Simpler names for overlay methods
  * Fix warewulfd api behavior when deleting distribution overlay

- Update to version 4.6.3:
  * v4.6.3 release
  * IPv6 iPXE support
  * Fix a syntax error in the RPM specfile
  * Fix a race condition in wwctl overlay edit
  * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays
  * Move reexec.Init() to beginning of wwctl
  * Add documentation for using tmpfs to distribute across numa nodes
  * added warewuld configure option
  * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465)
  * Address copilot review from #1945
  * Refactor wwapi tests for proper isolation
  * Bugfix: cloning a site overlay when parent dir does not exist
  * Clone to a site overlay when adding files in wwapi
  * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
  * Support for creating and updating overlay file in wwapi
  * Only return overlay files that refer to a path within the overlay
  * add overlay file deletion support
  * DELETE /api/overlays/{id}?force=true can delete overlays in use
  * Restore idempotency of PUT /api/nodes/{id}
  * Simplify overlay mtime api and add tests
  * add node overlay buildtime
  * Improved netplan support
  * Rebuild overlays for discovered nodes
  * Restrict userdocs from building during pr when not modified
  * Update to v4.6.2 GitHub release notes

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-packagehub-7=1

Package List:

- openSUSE Leap 16.0:

  warewulf4-4.6.4-bp160.1.1
  warewulf4-dracut-4.6.4-bp160.1.1
  warewulf4-man-4.6.4-bp160.1.1
  warewulf4-overlay-4.6.4-bp160.1.1
  warewulf4-overlay-rke2-4.6.4-bp160.1.1
  warewulf4-overlay-slurm-4.6.4-bp160.1.1
  warewulf4-reference-doc-4.6.4-bp160.1.1

References:

  * https://www.suse.com/security/cve/CVE-2025-58058.html
