[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2025:3817-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":158,"epss":9,"epss_history":159,"metrics":160,"affected":161},"SUSE-SU-2025:3817-1","Security update 5.1.1 for Multi-Linux Manager Client Tools\n\nThis update fixes the following issues:\n\ngolang-github-prometheus-alertmanager:\n\n- Update to version 0.28.1 (jsc#PED-13285):\n  * Improved performance of inhibition rules when using Equal\n    labels.\n  * Improve the documentation on escaping in UTF-8 matchers.\n  * Update alertmanager_config_hash metric help to document the\n    hash is not cryptographically strong.\n  * Fix panic in amtool when using --verbose.\n  * Fix templating of channel field for Rocket.Chat.\n  * Fix rocketchat_configs written as rocket_configs in docs.\n  * Fix usage for --enable-feature flag.\n  * Trim whitespace from OpsGenie API Key.\n  * Fix Jira project template not rendered when searching for\n    existing issues.\n  * Fix subtle bug in JSON/YAML encoding of inhibition rules that\n    would cause Equal labels to be omitted.\n  * Fix header for slack_configs in docs.\n  * Fix weight and wrap of Microsoft Teams notifications.\n- Upgrade to version 0.28.0:\n  * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).\n  * Templating errors in the SNS integration now return an error.\n  * Adopt log/slog, drop go-kit/log.\n  * Add a new Microsoft Teams integration based on Flows.\n  * Add a new Rocket.Chat integration.\n  * Add a new Jira integration.\n  * Add support for GOMEMLIMIT, enable it via the feature flag\n    --enable-feature=auto-gomemlimit.\n  * Add support for GOMAXPROCS, enable it via the feature flag\n    --enable-feature=auto-gomaxprocs.\n  * Add support for limits of silences including the maximum number\n    of active and pending silences, and the maximum size per\n    silence (in bytes). You can use the flags\n    --silences.max-silences and --silences.max-silence-size-bytes\n    to set them accordingly.\n  * Muted alerts now show whether they are suppressed or not in\n    both the /api/v2/alerts endpoint and the Alertmanager UI.\n- Upgrade to version 0.27.0:\n  * API: Removal of all api/v1/ endpoints. These endpoints\n    now log and return a deprecation message and respond with a\n    status code of 410.\n  * UTF-8 Support: Introduction of support for any UTF-8\n    character as part of label names and matchers.\n  * Discord Integration: Enforce max length in message.\n  * Metrics: Introduced the experimental feature flag\n    --enable-feature=receiver-name-in-metrics to include the\n    receiver name.\n  * Metrics: Introduced a new gauge named\n    alertmanager_inhibition_rules that counts the number of\n    configured inhibition rules.\n  * Metrics: Introduced a new counter named\n    alertmanager_alerts_supressed_total that tracks muted alerts,\n    it contains a reason label to indicate the source of the mute.\n  * Discord Integration: Introduced support for webhook_url_file.\n  * Microsoft Teams Integration: Introduced support for\n    webhook_url_file.\n  * Microsoft Teams Integration: Add support for summary.\n  * Metrics: Notification metrics now support two new values for\n    the label reason, contextCanceled and contextDeadlineExceeded.\n  * Email Integration: Contents of auth_password_file are now\n    trimmed of prefixed and suffixed whitespace.\n  * amtool: Fixes the error scheme required for webhook url when\n    using amtool with --alertmanager.url.\n  * Mixin: Fix AlertmanagerFailedToSendAlerts,\n    AlertmanagerClusterFailedToSendAlerts, and\n    AlertmanagerClusterFailedToSendAlerts to make sure they ignore\n    the reason label.\n\ngrafana:\n\n- Update to version 11.5.7:\n  * Security:\n    CVE-2025-6023: Fix cross-site-scripting via scripted dashboards\n                   (bsc#1246735)\n    CVE-2025-6197: Fix open redirect in organization switching\n                   (bsc#1246736)\n  * Bug fixes:\n    Azure: Fix legend formatting.\n    Azure: Fix resource name determination in template variable\n           queries.\n- Update to version 11.5.6:\n    CVE-2025-3415: Fix exposure of DingDing alerting integration\n                   URL to Viewer level users (bsc#1245302)\n\nmgr-push:\n\n- Version 5.1.4-0\n  * Use absolute paths when invoking external commands\n  * Fix syntax error in changelog\n\npython-defusedxml:\n\n- Update to 0.6.0\n  * Increase test coverage.\n  * Add badges to README.\n  * Test on Python 3.7 stable and 3.8-dev\n  * Drop support for Python 3.4\n  * No longer pass *html* argument to XMLParse. It has been deprecated and\n    ignored for a long time. The DefusedXMLParser still takes a html argument.\n    A deprecation warning is issued when the argument is False and a TypeError\n    when it's True.\n  * defusedxml now fails early when pyexpat stdlib module is not available or\n    broken.\n  * defusedxml.ElementTree.__all__ now lists ParseError as public attribute.\n  * The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo\n    and used XMLParse instead of XMLParser as an alias for DefusedXMLParser.\n    Both the old and fixed name are now available.\n- Remove superfluous devel dependency for noarch package\n- Fix source url.\n- Update to 5.0\n  * Add compatibility with Python 3.6\n  * Drop support for Python 2.6, 3.1, 3.2, 3.3\n  * Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)\n- Implement single-spec version.\n- Dummy changelog for bsc#1019074, FATE#322329\n- Initial packaging.\n\nrhnlib:\n\n- Version 5.1.3-0\n  * Fix syntax error in changelog\n  * Use more secure defusedxml parser (bsc#1227577)\n\nspacecmd:\n\n- Version 5.1.11-0\n  * Make spacecmd work with Python 3.12 and higher\n  * Call print statements properly in Python 3\n- Version 5.1.10-0\n  * Fix use of renamed config parser class where the backward\n    compatible alias was dropped in latest python version\n    (bsc#1246586)\n- Version 5.1.9-0\n  * Fix installation of python lib files on Ubuntu 24.04\n\nspacewalk-client-tools:\n\n- Version 5.1.7-0\n  * Fix syntax error in changelog\n\nsupportutils-plugin-susemanager-client:\n\n- Version 5.1.4-0\n  * Fix syntax error in changelog\n\nuyuni-tools:\n\n- version 5.1.20-0\n  * Add migration for server monitoring configuration (bsc#1247688)\n\n- version 5.1.19-0\n  * Add a lowercase version of --logLevel (bsc#1243611)\n  * Stop executing scripts in temporary folder (bsc#1243704)\n  * support config: collect podman inspect for hub container\n    (bsc#1245099)\n  * Use new dedicated path for Cobbler settings (bsc#1244027)\n  * Migrate custom auto installation snippets (bsc#1246320)\n  * Add SUSE Linux Enterprise 15 SP7 to buildin productmap\n  * Fix loading product map from mgradm configuration file\n    (bsc#1246068)\n  * Fix channel override for distro copy\n  * Do not use sudo when running as a root user (bsc#1246882)\n  * Do not require backups to be at the same location for restoring\n    (bsc#1246906)\n  * Fix recomputing proxy images when installing a PTF or TEST\n    (bsc#1246553)\n  * Add mgradm server rename to change the server FQDN (bsc#1229825)\n  * If no DB SSL CA parameter is given, use the other one\n    (bsc#1245120)\n  * More fault tolerant mgradm stop (bsc#1243331)\n  * Backup systemd dropin directory too and create if missing\n  * Add 3rd party SSL options for upgrade and migration scenarios\n  * Do not consider stderr output of podman as an error\n    (bsc#1247836)\n  * Restore SELinux contexts for restored backup volumes\n    (bsc#1244127)\n  * Automatically get up-to-date systemid file on salt based proxy\n    hosts (bsc#1246789)\n  * Bump the default image tag to 5.1.1\n\n- version 5.1.18-0\n  * Update translation strings\n\n- version 5.1.17-0\n  * upgrade saline should use scale function (bsc#1246864)\n\n- version 5.1.16-0\n  * Use database backup volume as temporary backup location\n    (bsc#1246628)\n\n",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2025-3415",{"_key":17},"CVE-2025-47908",{"_key":19},"CVE-2025-6023",{"_key":21},"CVE-2025-6197",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2025-10-28T07:19:09Z","2026-02-04T02:32:56.154893Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,45,49,53,57,61,65,69,73,77,81,85,89,93,97,101,105,109,113,117,121,125,129,133,137,141,146,150,154],{"url":35,"sources":36,"tags":38},"https://www.suse.com/support/update/announcement/2025/suse-su-20253817-1/",[37],"osv_suse",[39],"Advisory",{"url":41,"sources":42,"tags":43},"https://bugzilla.suse.com/1019074",[37],[44],"REPORT",{"url":46,"sources":47,"tags":48},"https://bugzilla.suse.com/1227577",[37],[44],{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1229825",[37],[44],{"url":54,"sources":55,"tags":56},"https://bugzilla.suse.com/1243331",[37],[44],{"url":58,"sources":59,"tags":60},"https://bugzilla.suse.com/1243611",[37],[44],{"url":62,"sources":63,"tags":64},"https://bugzilla.suse.com/1243704",[37],[44],{"url":66,"sources":67,"tags":68},"https://bugzilla.suse.com/1244027",[37],[44],{"url":70,"sources":71,"tags":72},"https://bugzilla.suse.com/1244127",[37],[44],{"url":74,"sources":75,"tags":76},"https://bugzilla.suse.com/1245099",[37],[44],{"url":78,"sources":79,"tags":80},"https://bugzilla.suse.com/1245120",[37],[44],{"url":82,"sources":83,"tags":84},"https://bugzilla.suse.com/1245302",[37],[44],{"url":86,"sources":87,"tags":88},"https://bugzilla.suse.com/1246068",[37],[44],{"url":90,"sources":91,"tags":92},"https://bugzilla.suse.com/1246320",[37],[44],{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1246553",[37],[44],{"url":98,"sources":99,"tags":100},"https://bugzilla.suse.com/1246586",[37],[44],{"url":102,"sources":103,"tags":104},"https://bugzilla.suse.com/1246628",[37],[44],{"url":106,"sources":107,"tags":108},"https://bugzilla.suse.com/1246735",[37],[44],{"url":110,"sources":111,"tags":112},"https://bugzilla.suse.com/1246736",[37],[44],{"url":114,"sources":115,"tags":116},"https://bugzilla.suse.com/1246789",[37],[44],{"url":118,"sources":119,"tags":120},"https://bugzilla.suse.com/1246864",[37],[44],{"url":122,"sources":123,"tags":124},"https://bugzilla.suse.com/1246882",[37],[44],{"url":126,"sources":127,"tags":128},"https://bugzilla.suse.com/1246906",[37],[44],{"url":130,"sources":131,"tags":132},"https://bugzilla.suse.com/1247688",[37],[44],{"url":134,"sources":135,"tags":136},"https://bugzilla.suse.com/1247748",[37],[44],{"url":138,"sources":139,"tags":140},"https://bugzilla.suse.com/1247836",[37],[44],{"url":142,"sources":143,"tags":144},"https://www.suse.com/security/cve/CVE-2025-3415",[37],[145],"WEB",{"url":147,"sources":148,"tags":149},"https://www.suse.com/security/cve/CVE-2025-47908",[37],[145],{"url":151,"sources":152,"tags":153},"https://www.suse.com/security/cve/CVE-2025-6023",[37],[145],{"url":155,"sources":156,"tags":157},"https://www.suse.com/security/cve/CVE-2025-6197",[37],[145],[],[],[],[162,175,182,189,196,203,210,217,224],{"ecosystem":163,"name":164,"vendor":165,"product":166,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":166,"source":9,"versions":168},"SUSE Linux Enterprise","golang-github-prometheus-alertmanager","suse","golang-github-prometheus-alertmanager&distro=SUSE Multi Linux Manager Tools SLE-12","rpm",[169],{"version":170,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":173,"version_end_type":174,"fixed_in":9},"lt0_28_1_120002_4_3_2",true,"ecosystem","0.28.1-120002.4.3.2","excluding",{"ecosystem":163,"name":176,"vendor":165,"product":177,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":177,"source":9,"versions":178},"grafana","grafana&distro=SUSE Multi Linux Manager Tools SLE-12",[179],{"version":180,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":181,"version_end_type":174,"fixed_in":9},"lt11_5_7_120002_4_3_2","11.5.7-120002.4.3.2",{"ecosystem":163,"name":183,"vendor":165,"product":184,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":184,"source":9,"versions":185},"mgr-push","mgr-push&distro=SUSE Multi Linux Manager Tools SLE-12",[186],{"version":187,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":188,"version_end_type":174,"fixed_in":9},"lt5_1_4_120002_3_3_3","5.1.4-120002.3.3.3",{"ecosystem":163,"name":190,"vendor":165,"product":191,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":191,"source":9,"versions":192},"Multi-Linux-ManagerTools-SLE-release","Multi-Linux-ManagerTools-SLE-release&distro=SUSE Multi Linux Manager Tools SLE-12",[193],{"version":194,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":195,"version_end_type":174,"fixed_in":9},"lt12_120002_1_3_2","12-120002.1.3.2",{"ecosystem":163,"name":197,"vendor":165,"product":198,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":198,"source":9,"versions":199},"python-defusedxml","python-defusedxml&distro=SUSE Multi Linux Manager Tools SLE-12",[200],{"version":201,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":202,"version_end_type":174,"fixed_in":9},"lt0_6_0_120002_1_3_1","0.6.0-120002.1.3.1",{"ecosystem":163,"name":204,"vendor":165,"product":205,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":205,"source":9,"versions":206},"rhnlib","rhnlib&distro=SUSE Multi Linux Manager Tools SLE-12",[207],{"version":208,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":209,"version_end_type":174,"fixed_in":9},"lt5_1_3_120002_3_3_1","5.1.3-120002.3.3.1",{"ecosystem":163,"name":211,"vendor":165,"product":212,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":212,"source":9,"versions":213},"spacecmd","spacecmd&distro=SUSE Multi Linux Manager Tools SLE-12",[214],{"version":215,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":216,"version_end_type":174,"fixed_in":9},"lt5_1_11_120002_3_3_2","5.1.11-120002.3.3.2",{"ecosystem":163,"name":218,"vendor":165,"product":219,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":219,"source":9,"versions":220},"spacewalk-client-tools","spacewalk-client-tools&distro=SUSE Multi Linux Manager Tools SLE-12",[221],{"version":222,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":223,"version_end_type":174,"fixed_in":9},"lt5_1_7_120002_3_3_2","5.1.7-120002.3.3.2",{"ecosystem":163,"name":225,"vendor":165,"product":226,"cpe_part":9,"purl_type":167,"purl_namespace":165,"purl_name":226,"source":9,"versions":227},"supportutils-plugin-susemanager-client","supportutils-plugin-susemanager-client&distro=SUSE Multi Linux Manager Tools SLE-12",[228],{"version":229,"is_range":171,"range_type":172,"version_start":9,"version_start_type":9,"version_end":230,"version_end_type":174,"fixed_in":9},"lt5_1_4_120002_3_3_1","5.1.4-120002.3.3.1"]