SUSE-SU-2025:3819-1

Description

Security update 5.1.1 for Multi-Linux Manager Client Tools This update fixes the following issues: dracut-saltboot was updated from version 0.1 to version 1.0.0: - Version 1.0.0 bugs fixed: * Reboot on salt key timeout (bsc#1237495) * Fixed parsing files with space in the name (bsc#1252100) golang-github-prometheus-alertmanager was updated from version 0.26.0 to 0.28.1 to : - Security issues fixed: * CVE-2025-47908: Fixed a Denial of Service vulnerability (bsc#1247748) - Version 0.28.1 changes and bugs fixed (jsc#PED-13285): * Improved performance of inhibition rules when using Equal labels. * Improve the documentation on escaping in UTF-8 matchers. * Update alertmanager_config_hash metric help to document the hash is not cryptographically strong. * Fixed panic in amtool when using --verbose. * Fixed templating of channel field for Rocket.Chat. * Fixed rocketchat_configs written as rocket_configs in docs. * Fixed usage for --enable-feature flag. * Trim whitespace from OpsGenie API Key. * Fixed Jira project template not rendered when searching for existing issues. * Fixed subtle bug in JSON/YAML encoding of inhibition rules that would cause Equal labels to be omitted. * Fixed header for slack_configs in docs. * Fixed weight and wrap of Microsoft Teams notifications. - Version 0.28.0 changes and bugs fixed: * Templating errors in the SNS integration now return an error. * Adopt log/slog, drop go-kit/log. * Added a new Microsoft Teams integration based on Flows. * Added a new Rocket.Chat integration. * Added a new Jira integration. * Added support for GOMEMLIMIT, enable it via the feature flag --enable-feature=auto-gomemlimit. * Added support for GOMAXPROCS, enable it via the feature flag --enable-feature=auto-gomaxprocs. * Added support for limits of silences including the maximum number of active and pending silences, and the maximum size per silence (in bytes). You can use the flags --silences.max-silences and --silences.max-silence-size-bytes to set them accordingly. * Muted alerts now show whether they are suppressed or not in both the /api/v2/alerts endpoint and the Alertmanager UI. - Version 0.27.0 changes and bugs fixed: * API: Removal of all api/v1/ endpoints. These endpoints now log and return a deprecation message and respond with a status code of 410. * UTF-8 Support: Introduction of support for any UTF-8 character as part of label names and matchers. * Discord Integration: Enforce max length in message. * Metrics: Introduced the experimental feature flag --enable-feature=receiver-name-in-metrics to include the receiver name. * Metrics: Introduced a new gauge named alertmanager_inhibition_rules that counts the number of configured inhibition rules. * Metrics: Introduced a new counter named alertmanager_alerts_supressed_total that tracks muted alerts, it contains a reason label to indicate the source of the mute. * Discord Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Added support for summary. * Metrics: Notification metrics now support two new values for the label reason, contextCanceled and contextDeadlineExceeded. * Email Integration: Contents of auth_password_file are now trimmed of prefixed and suffixed whitespace. * amtool: Fixes the error scheme required for webhook url when using amtool with --alertmanager.url. * Mixin: Fixed AlertmanagerFailedToSendAlerts, AlertmanagerClusterFailedToSendAlerts, and AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason label. grafana was updated to from version 11.5.5 to 11.5.7: - Security issues fixed: * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (bsc#1246735) * CVE-2025-6197: Fixed open redirect in organization switching (bsc#1246736) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) - Other bugs fixed: * Azure: Fixed legend formatting. * Azure: Fixed resource name determination in template variable queries. mgr-push was updated from version 5.1.3 to 5.1.4: - Use absolute paths when invoking external commands python-defusedxml: - New package implemented at version 0.7.1 rhnlib was updated from version 5.1.2 to 5.1.3: - Use more secure defusedxml parser (bsc#1227577) spacecmd was updated from version 5.1.8 to 5.1.11: - Version 5.1.11 changes and bugs fixed: * Make spacecmd work with Python 3.12 and higher * Call print statements properly in Python 3 - Version 5.1.10 changes and bugs fixed: * Fixed use of renamed config parser class where the backward compatible alias was dropped in latest python version (bsc#1246586) - Version 5.1.9 changes and bugs fixed: * Fixed installation of python lib files on Ubuntu 24.04 spacewalk-client-tools was updated from version 5.1.6 to 5.1.7: - Fixed syntax error in changelog supportutils-plugin-susemanager-client was updated from version 5.1.3 to 5.1.4: - Fixed syntax error in changelog uyuni-tools was updated from version 5.1.15 to 5.1.20: - Version 5.1.20 changes and bugs fixed: * Added migration for server monitoring configuration (bsc#1247688) - Version 5.1.19 changes and bugs fixed: * Added a lowercase version of --logLevel (bsc#1243611) * Stop executing scripts in temporary folder (bsc#1243704) * support config: collect podman inspect for hub container (bsc#1245099) * Use new dedicated path for Cobbler settings (bsc#1244027) * Migrate custom auto installation snippets (bsc#1246320) * Added SUSE Linux Enterprise 15 SP7 to buildin productmap * Fixed loading product map from mgradm configuration file (bsc#1246068) * Fixed channel override for distro copy * Do not use sudo when running as a root user (bsc#1246882) * Do not require backups to be at the same location for restoring (bsc#1246906) * Fixed recomputing proxy images when installing a PTF or TEST (bsc#1246553) * Added mgradm server rename to change the server FQDN (bsc#1229825) * If no DB SSL CA parameter is given, use the other one (bsc#1245120) * More fault tolerant mgradm stop (bsc#1243331) * Backup systemd dropin directory too and create if missing * Added 3rd party SSL options for upgrade and migration scenarios * Do not consider stderr output of podman as an error (bsc#1247836) * Restore SELinux contexts for restored backup volumes (bsc#1244127) * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789) * Bump the default image tag to 5.1.1 - Version 5.1.18 changes and bugs fixed: * Updated translation strings - Version 5.1.17 changes and bugs fixed: * Upgrade of saline should use scale function (bsc#1246864) - Version 5.1.16 changes and bugs fixed: * Use database backup volume as temporary backup location (bsc#1246628)

Affected Systems

• suse•dracut-saltboot&distro=SUSE Multi Linux Manager Tools SLE-15

  < 1.0.0-150002.3.3.1

• suse•dracut-saltboot&distro=SUSE Multi Linux Manager Tools SLE-Micro-5

  < 1.0.0-150002.3.3.1

• suse•golang-github-prometheus-alertmanager&distro=SUSE Multi Linux Manager Tools SLE-15

  < 0.28.1-150002.4.3.3

• suse•grafana&distro=SUSE Multi Linux Manager Tools SLE-15

  < 11.5.7-150002.4.3.3

• suse•mgr-push&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.4-150002.3.3.3

• suse•python-defusedxml&distro=SUSE Multi Linux Manager Tools SLE-15

  < 0.7.1-150002.1.3.2

• suse•rhnlib&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.3-150002.3.3.2

• suse•spacecmd&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.11-150002.3.3.2

• suse•spacewalk-client-tools&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.7-150002.3.3.3

• suse•supportutils-plugin-susemanager-client&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.4-150002.3.3.2

• suse•uyuni-tools&distro=SUSE Multi Linux Manager Tools SLE-15

  < 5.1.20-150002.3.3.3

• suse•uyuni-tools&distro=SUSE Multi Linux Manager Tools SLE-Micro-5

  < 5.1.20-150002.3.3.3

References (32)

• https://www.suse.com/support/update/announcement/2025/suse-su-20253819-1/
• https://bugzilla.suse.com/1019074
• https://bugzilla.suse.com/1227577
• https://bugzilla.suse.com/1229825
• https://bugzilla.suse.com/1237495
• https://bugzilla.suse.com/1243331
• https://bugzilla.suse.com/1243611
• https://bugzilla.suse.com/1243704
• https://bugzilla.suse.com/1244027
• https://bugzilla.suse.com/1244127
• https://bugzilla.suse.com/1245099
• https://bugzilla.suse.com/1245120
• https://bugzilla.suse.com/1245302
• https://bugzilla.suse.com/1246068
• https://bugzilla.suse.com/1246320
• https://bugzilla.suse.com/1246553
• https://bugzilla.suse.com/1246586
• https://bugzilla.suse.com/1246628
• https://bugzilla.suse.com/1246735
• https://bugzilla.suse.com/1246736
• https://bugzilla.suse.com/1246789
• https://bugzilla.suse.com/1246864
• https://bugzilla.suse.com/1246882
• https://bugzilla.suse.com/1246906
• https://bugzilla.suse.com/1247688
• https://bugzilla.suse.com/1247748
• https://bugzilla.suse.com/1247836
• https://bugzilla.suse.com/1252100
• https://www.suse.com/security/cve/CVE-2025-3415
• https://www.suse.com/security/cve/CVE-2025-47908
• https://www.suse.com/security/cve/CVE-2025-6023
• https://www.suse.com/security/cve/CVE-2025-6197