SUSE-SU-2025:3817-1

Description

Security update 5.1.1 for Multi-Linux Manager Client Tools This update fixes the following issues: golang-github-prometheus-alertmanager: - Update to version 0.28.1 (jsc#PED-13285): * Improved performance of inhibition rules when using Equal labels. * Improve the documentation on escaping in UTF-8 matchers. * Update alertmanager_config_hash metric help to document the hash is not cryptographically strong. * Fix panic in amtool when using --verbose. * Fix templating of channel field for Rocket.Chat. * Fix rocketchat_configs written as rocket_configs in docs. * Fix usage for --enable-feature flag. * Trim whitespace from OpsGenie API Key. * Fix Jira project template not rendered when searching for existing issues. * Fix subtle bug in JSON/YAML encoding of inhibition rules that would cause Equal labels to be omitted. * Fix header for slack_configs in docs. * Fix weight and wrap of Microsoft Teams notifications. - Upgrade to version 0.28.0: * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748). * Templating errors in the SNS integration now return an error. * Adopt log/slog, drop go-kit/log. * Add a new Microsoft Teams integration based on Flows. * Add a new Rocket.Chat integration. * Add a new Jira integration. * Add support for GOMEMLIMIT, enable it via the feature flag --enable-feature=auto-gomemlimit. * Add support for GOMAXPROCS, enable it via the feature flag --enable-feature=auto-gomaxprocs. * Add support for limits of silences including the maximum number of active and pending silences, and the maximum size per silence (in bytes). You can use the flags --silences.max-silences and --silences.max-silence-size-bytes to set them accordingly. * Muted alerts now show whether they are suppressed or not in both the /api/v2/alerts endpoint and the Alertmanager UI. - Upgrade to version 0.27.0: * API: Removal of all api/v1/ endpoints. These endpoints now log and return a deprecation message and respond with a status code of 410. * UTF-8 Support: Introduction of support for any UTF-8 character as part of label names and matchers. * Discord Integration: Enforce max length in message. * Metrics: Introduced the experimental feature flag --enable-feature=receiver-name-in-metrics to include the receiver name. * Metrics: Introduced a new gauge named alertmanager_inhibition_rules that counts the number of configured inhibition rules. * Metrics: Introduced a new counter named alertmanager_alerts_supressed_total that tracks muted alerts, it contains a reason label to indicate the source of the mute. * Discord Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Add support for summary. * Metrics: Notification metrics now support two new values for the label reason, contextCanceled and contextDeadlineExceeded. * Email Integration: Contents of auth_password_file are now trimmed of prefixed and suffixed whitespace. * amtool: Fixes the error scheme required for webhook url when using amtool with --alertmanager.url. * Mixin: Fix AlertmanagerFailedToSendAlerts, AlertmanagerClusterFailedToSendAlerts, and AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason label. grafana: - Update to version 11.5.7: * Security: CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735) CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736) * Bug fixes: Azure: Fix legend formatting. Azure: Fix resource name determination in template variable queries. - Update to version 11.5.6: CVE-2025-3415: Fix exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) mgr-push: - Version 5.1.4-0 * Use absolute paths when invoking external commands * Fix syntax error in changelog python-defusedxml: - Update to 0.6.0 * Increase test coverage. * Add badges to README. * Test on Python 3.7 stable and 3.8-dev * Drop support for Python 3.4 * No longer pass *html* argument to XMLParse. It has been deprecated and ignored for a long time. The DefusedXMLParser still takes a html argument. A deprecation warning is issued when the argument is False and a TypeError when it's True. * defusedxml now fails early when pyexpat stdlib module is not available or broken. * defusedxml.ElementTree.__all__ now lists ParseError as public attribute. * The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo and used XMLParse instead of XMLParser as an alias for DefusedXMLParser. Both the old and fixed name are now available. - Remove superfluous devel dependency for noarch package - Fix source url. - Update to 5.0 * Add compatibility with Python 3.6 * Drop support for Python 2.6, 3.1, 3.2, 3.3 * Fix lxml tests (XMLSyntaxError: Detected an entity reference loop) - Implement single-spec version. - Dummy changelog for bsc#1019074, FATE#322329 - Initial packaging. rhnlib: - Version 5.1.3-0 * Fix syntax error in changelog * Use more secure defusedxml parser (bsc#1227577) spacecmd: - Version 5.1.11-0 * Make spacecmd work with Python 3.12 and higher * Call print statements properly in Python 3 - Version 5.1.10-0 * Fix use of renamed config parser class where the backward compatible alias was dropped in latest python version (bsc#1246586) - Version 5.1.9-0 * Fix installation of python lib files on Ubuntu 24.04 spacewalk-client-tools: - Version 5.1.7-0 * Fix syntax error in changelog supportutils-plugin-susemanager-client: - Version 5.1.4-0 * Fix syntax error in changelog uyuni-tools: - version 5.1.20-0 * Add migration for server monitoring configuration (bsc#1247688) - version 5.1.19-0 * Add a lowercase version of --logLevel (bsc#1243611) * Stop executing scripts in temporary folder (bsc#1243704) * support config: collect podman inspect for hub container (bsc#1245099) * Use new dedicated path for Cobbler settings (bsc#1244027) * Migrate custom auto installation snippets (bsc#1246320) * Add SUSE Linux Enterprise 15 SP7 to buildin productmap * Fix loading product map from mgradm configuration file (bsc#1246068) * Fix channel override for distro copy * Do not use sudo when running as a root user (bsc#1246882) * Do not require backups to be at the same location for restoring (bsc#1246906) * Fix recomputing proxy images when installing a PTF or TEST (bsc#1246553) * Add mgradm server rename to change the server FQDN (bsc#1229825) * If no DB SSL CA parameter is given, use the other one (bsc#1245120) * More fault tolerant mgradm stop (bsc#1243331) * Backup systemd dropin directory too and create if missing * Add 3rd party SSL options for upgrade and migration scenarios * Do not consider stderr output of podman as an error (bsc#1247836) * Restore SELinux contexts for restored backup volumes (bsc#1244127) * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789) * Bump the default image tag to 5.1.1 - version 5.1.18-0 * Update translation strings - version 5.1.17-0 * upgrade saline should use scale function (bsc#1246864) - version 5.1.16-0 * Use database backup volume as temporary backup location (bsc#1246628)

Affected Systems

• suse•golang-github-prometheus-alertmanager&distro=SUSE Multi Linux Manager Tools SLE-12

  < 0.28.1-120002.4.3.2

• suse•grafana&distro=SUSE Multi Linux Manager Tools SLE-12

  < 11.5.7-120002.4.3.2

• suse•mgr-push&distro=SUSE Multi Linux Manager Tools SLE-12

  < 5.1.4-120002.3.3.3

• suse•Multi-Linux-ManagerTools-SLE-release&distro=SUSE Multi Linux Manager Tools SLE-12

  < 12-120002.1.3.2

• suse•python-defusedxml&distro=SUSE Multi Linux Manager Tools SLE-12

  < 0.6.0-120002.1.3.1

• suse•rhnlib&distro=SUSE Multi Linux Manager Tools SLE-12

  < 5.1.3-120002.3.3.1

• suse•spacecmd&distro=SUSE Multi Linux Manager Tools SLE-12

  < 5.1.11-120002.3.3.2

• suse•spacewalk-client-tools&distro=SUSE Multi Linux Manager Tools SLE-12

  < 5.1.7-120002.3.3.2

• suse•supportutils-plugin-susemanager-client&distro=SUSE Multi Linux Manager Tools SLE-12

  < 5.1.4-120002.3.3.1

References (30)

• https://www.suse.com/support/update/announcement/2025/suse-su-20253817-1/
• https://bugzilla.suse.com/1019074
• https://bugzilla.suse.com/1227577
• https://bugzilla.suse.com/1229825
• https://bugzilla.suse.com/1243331
• https://bugzilla.suse.com/1243611
• https://bugzilla.suse.com/1243704
• https://bugzilla.suse.com/1244027
• https://bugzilla.suse.com/1244127
• https://bugzilla.suse.com/1245099
• https://bugzilla.suse.com/1245120
• https://bugzilla.suse.com/1245302
• https://bugzilla.suse.com/1246068
• https://bugzilla.suse.com/1246320
• https://bugzilla.suse.com/1246553
• https://bugzilla.suse.com/1246586
• https://bugzilla.suse.com/1246628
• https://bugzilla.suse.com/1246735
• https://bugzilla.suse.com/1246736
• https://bugzilla.suse.com/1246789
• https://bugzilla.suse.com/1246864
• https://bugzilla.suse.com/1246882
• https://bugzilla.suse.com/1246906
• https://bugzilla.suse.com/1247688
• https://bugzilla.suse.com/1247748
• https://bugzilla.suse.com/1247836
• https://www.suse.com/security/cve/CVE-2025-3415
• https://www.suse.com/security/cve/CVE-2025-47908
• https://www.suse.com/security/cve/CVE-2025-6023
• https://www.suse.com/security/cve/CVE-2025-6197