
SUSE alert SUSE-SU-2025:20992-1 (proxy-helm, uyuni-tools)

From:  SLE-SECURITY-UPDATES <null@suse.de>
To:  sle-security-updates@lists.suse.com
Subject:  SUSE-SU-2025:20992-1: important: Security update 5.1.1 of SUSE Multi-Linux Manager
Date:  Wed, 12 Nov 2025 12:31:09 -0000
Message-ID:  <176295066913.13655.4702088419968350570@smelt2.prg2.suse.org>

# Security update 5.1.1 of SUSE Multi-Linux Manager

Announcement ID: SUSE-SU-2025:20992-1

Release Date: 2025-10-17T08:47:21Z

Rating: important

References:

* bsc#1229825
* bsc#1241880
* bsc#1243331
* bsc#1243486
* bsc#1243611
* bsc#1243704
* bsc#1244027
* bsc#1244127
* bsc#1244219
* bsc#1244424
* bsc#1244552
* bsc#1244919
* bsc#1245099
* bsc#1245120
* bsc#1245702
* bsc#1246068
* bsc#1246320
* bsc#1246553
* bsc#1246789
* bsc#1246882
* bsc#1246906
* bsc#1247688
* bsc#1247836
* bsc#1248252
* bsc#1249434
* jsc#MSQA-1023

Cross-References:

* CVE-2025-53192

CVSS scores:

* CVE-2025-53192 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-53192 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2025-53192 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Multi-Linux Manager Proxy 5.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1
* SUSE Multi-Linux Manager Server 5.1

An update that solves one vulnerability, contains one feature and has 24 fixes can now be installed.

## Description:

This update for SUSE Multi-Linux Manager fixes the following issues:

proxy-helm was updated from version 5.1.7 to 5.1.9:

* Version 5.1.9
  * Chart rebuilt to the newest version with updated dependencies
* Version 5.1.8
  * Use traefik.io API group (bsc#1244919)

proxy-httpd-image was updated from version 5.1.8 to 5.1.10:

* Version 5.1.10
  * Image rebuilt to the newest version with updated dependencies
* Version 5.1.9
  * Use absolute paths when invoking external commands
  * Handle large static files outside of wsgi script (bsc#1244424)
  * Reorganize proxy apache configuration
  * remove unused access to pub dir
  * move cobbler configs from the uyuni-config to the proxy package
  * add max workers limit to 150 (bsc#1244552)
  * use proxypass instead of wsgi to pass API calls to the server and anonymous dirs (bsc#1241880)
  * Use existing systemid in proxy httpd if present (bsc#1246789)

proxy-salt-broker-image was updated from version 5.1.8 to 5.1.10:

* Image rebuilt to the newest version with updated dependencies

proxy-squid-image was updated from version 5.1.7 to 5.1.9:

* Version 5.1.9
  * Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
  * Use absolute paths when invoking external commands

proxy-squid-image was updated from version 5.1.7 to 5.1.9:

* Version 5.1.9
  * Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
  * Use absolute paths when invoking external commands

proxy-tftpd-image was updated from version 5.1.7 to 5.1.9:

* Version 5.1.9
  * Image rebuilt to the newest version with updated dependencies
* Version 5.1.8
  * Use absolute paths when invoking external commands
  * Do not block the main tftpd process (bsc#1244424)
  * Fix selecting of default saltboot entry in grub

server-attestation-image was updated from version 5.1.7 to 5.1.10:

* CVE-2025-53192: Do not use apache-commons-ognl but its successor ognl (bsc#1248252)
* Image rebuilt to the newest version with updated dependencies

server-hub-xmlrpc-api-image was updated from version 5.1.7 to 5.1.9:

* Image rebuilt to the newest version with updated dependencies

server-image was updated from version 5.1.7 to 5.1.9:

* Version 5.1.9
  * Install python311-ldap into the server-image (bsc#1245702)
* Version 5.1.8
  * Move jmx configuration to a persisting folder (bsc#1244219)

server-migration-14-16-image was updated from version 5.1.7 to 5.1.9:

* Image rebuilt to the newest version with updated dependencies

server-postgresql-image was updated from version 5.1.5 to 5.1.7:

* Image rebuilt to the newest version with updated dependencies

server-saline-image was updated from version 5.1.7 to 5.1.9:

* Image rebuilt to the newest version with updated dependencies

uyuni-tools was updated from version 5.1.18-0 to 5.1.22-0:

* Version 5.1.22-0
  * Fix cobbler config migration to standalone files
  * Fix generated DB certificate subject alternate names
* Version 5.1.21-0
  * Remove extraneous quotes when getting the running image (bsc#1249434)
* Version 5.1.20-0
  * Add migration for server monitoring configuration (bsc#1247688)
* Version 5.1.19-0
  * Add a lowercase version of --logLevel (bsc#1243611)
  * Stop executing scripts in temporary folder (bsc#1243704)
  * support config: collect podman inspect for hub container (bsc#1245099)
  * Use new dedicated path for Cobbler settings (bsc#1244027)
  * Migrate custom auto installation snippets (bsc#1246320)
  * Add SUSE Linux Enterprise 15 SP7 to built-in productmap
  * Fix loading product map from mgradm configuration file (bsc#1246068)
  * Fix channel override for distro copy
  * Do not use sudo when running as a root user (bsc#1246882)
  * Do not require backups to be at the same location for restoring (bsc#1246906)
  * Fix recomputing proxy images when installing a PTF or TEST (bsc#1246553)
  * Add mgradm server rename to change the server FQDN (bsc#1229825)
  * If no DB SSL CA parameter is given, use the other one (bsc#1245120)
  * More fault tolerant mgradm stop (bsc#1243331)
  * Backup systemd dropin directory too and create if missing
  * Add 3rd party SSL options for upgrade and migration scenarios
  * Do not consider stderr output of podman as an error (bsc#1247836)
  * Restore SELinux contexts for restored backup volumes (bsc#1244127)
  * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789)
  * Bump the default image tag to 5.1.1

How to apply this update:

SUSE Multi-Linux Manager Server:

1. Log in as root user to the SUSE Multi-Linux Manager Server.
2. Upgrade mgradm and mgrctl.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgradm upgrade podman` which will use the default image tags.

SUSE Multi-Linux Manager Proxy / Retail Branch Server:

1. Log in as root user to the SUSE Multi-Linux Manager Proxy / Retail Branch Server.
2. Upgrade mgrpxy.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgrpxy upgrade podman` which will use the default image tags.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Proxy 5.1
  `zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1`
* SUSE Multi-Linux Manager Retail Branch Server 5.1
  `zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1`
* SUSE Multi-Linux Manager Server 5.1
  `zypper in -t patch SUSE-Multi-Linux-Manager-5.1-2=1`

## Package List:

* SUSE Multi-Linux Manager Proxy 5.1 (aarch64 ppc64le s390x x86_64)
  * mgrpxy-5.1.22-slfo.1.1.1
  * mgrpxy-debuginfo-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (noarch)
  * mgrpxy-zsh-completion-5.1.22-slfo.1.1.1
  * mgrpxy-bash-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Proxy 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.1-9.5.33
* SUSE Multi-Linux Manager Proxy 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Proxy 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.1-8.7.18
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64 ppc64le s390x x86_64)
  * mgrpxy-5.1.22-slfo.1.1.1
  * mgrpxy-debuginfo-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (noarch)
  * mgrpxy-zsh-completion-5.1.22-slfo.1.1.1
  * mgrpxy-bash-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.1-9.5.33
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.1-8.7.18
  * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.1-8.5.13
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.1-9.5.33
  * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.1-8.5.13
  * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.1-8.7.18
* SUSE Multi-Linux Manager Server 5.1 (aarch64 ppc64le s390x x86_64)
  * mgradm-debuginfo-5.1.22-slfo.1.1.1
  * mgrctl-debuginfo-5.1.22-slfo.1.1.1
  * mgradm-5.1.22-slfo.1.1.1
  * mgrctl-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (noarch)
  * mgradm-bash-completion-5.1.22-slfo.1.1.1
  * mgrctl-bash-completion-5.1.22-slfo.1.1.1
  * mgrctl-zsh-completion-5.1.22-slfo.1.1.1
  * mgradm-zsh-completion-5.1.22-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-server-postgresql-image-5.1.1-6.5.4
  * suse-multi-linux-manager-5.1-aarch64-server-image-5.1.1-8.5.45
  * suse-multi-linux-manager-5.1-aarch64-server-attestation-image-5.1.1-8.7.8
  * suse-multi-linux-manager-5.1-aarch64-server-hub-xmlrpc-api-image-5.1.1-8.5.19
  * suse-multi-linux-manager-5.1-aarch64-server-migration-14-16-image-5.1.1-8.5.26
  * suse-multi-linux-manager-5.1-aarch64-server-saline-image-5.1.1-9.5.24
* SUSE Multi-Linux Manager Server 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-server-image-5.1.1-8.5.45
  * suse-multi-linux-manager-5.1-ppc64le-server-saline-image-5.1.1-9.5.24
  * suse-multi-linux-manager-5.1-ppc64le-server-hub-xmlrpc-api-image-5.1.1-8.5.19
  * suse-multi-linux-manager-5.1-ppc64le-server-migration-14-16-image-5.1.1-8.5.26
  * suse-multi-linux-manager-5.1-ppc64le-server-postgresql-image-5.1.1-6.5.4
  * suse-multi-linux-manager-5.1-ppc64le-server-attestation-image-5.1.1-8.7.8
* SUSE Multi-Linux Manager Server 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-server-image-5.1.1-8.5.45
  * suse-multi-linux-manager-5.1-s390x-server-hub-xmlrpc-api-image-5.1.1-8.5.19
  * suse-multi-linux-manager-5.1-s390x-server-postgresql-image-5.1.1-6.5.4
  * suse-multi-linux-manager-5.1-s390x-server-migration-14-16-image-5.1.1-8.5.26
  * suse-multi-linux-manager-5.1-s390x-server-saline-image-5.1.1-9.5.24
  * suse-multi-linux-manager-5.1-s390x-server-attestation-image-5.1.1-8.7.8
* SUSE Multi-Linux Manager Server 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-server-attestation-image-5.1.1-8.7.8
  * suse-multi-linux-manager-5.1-x86_64-server-postgresql-image-5.1.1-6.5.4
  * suse-multi-linux-manager-5.1-x86_64-server-hub-xmlrpc-api-image-5.1.1-8.5.19
  * suse-multi-linux-manager-5.1-x86_64-server-saline-image-5.1.1-9.5.24
  * suse-multi-linux-manager-5.1-x86_64-server-image-5.1.1-8.5.45
  * suse-multi-linux-manager-5.1-x86_64-server-migration-14-16-image-5.1.1-8.5.26

## References:

* https://www.suse.com/security/cve/CVE-2025-53192.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229825
* https://bugzilla.suse.com/show_bug.cgi?id=1241880
* https://bugzilla.suse.com/show_bug.cgi?id=1243331
* https://bugzilla.suse.com/show_bug.cgi?id=1243486
* https://bugzilla.suse.com/show_bug.cgi?id=1243611
* https://bugzilla.suse.com/show_bug.cgi?id=1243704
* https://bugzilla.suse.com/show_bug.cgi?id=1244027
* https://bugzilla.suse.com/show_bug.cgi?id=1244127
* https://bugzilla.suse.com/show_bug.cgi?id=1244219
* https://bugzilla.suse.com/show_bug.cgi?id=1244424
* https://bugzilla.suse.com/show_bug.cgi?id=1244552
* https://bugzilla.suse.com/show_bug.cgi?id=1244919
* https://bugzilla.suse.com/show_bug.cgi?id=1245099
* https://bugzilla.suse.com/show_bug.cgi?id=1245120
* https://bugzilla.suse.com/show_bug.cgi?id=1245702
* https://bugzilla.suse.com/show_bug.cgi?id=1246068
* https://bugzilla.suse.com/show_bug.cgi?id=1246320
* https://bugzilla.suse.com/show_bug.cgi?id=1246553
* https://bugzilla.suse.com/show_bug.cgi?id=1246789
* https://bugzilla.suse.com/show_bug.cgi?id=1246882
* https://bugzilla.suse.com/show_bug.cgi?id=1246906
* https://bugzilla.suse.com/show_bug.cgi?id=1247688
* https://bugzilla.suse.com/show_bug.cgi?id=1247836
* https://bugzilla.suse.com/show_bug.cgi?id=1248252
* https://bugzilla.suse.com/show_bug.cgi?id=1249434
* https://jira.suse.com/browse/MSQA-1023

