SUSE-SU-2026:0628-1
Description
Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:
- Non-customer-facing optimization around source building

golang-github-boynux-squid_exporter:
- Update to version 1.13.0 (jsc#PED-14971)
  - Add support for squid-internal-mgr path for metrics.
- Update to version 1.12.0
  - Add TLS and basic authentication support for the web interface.
- Update to version 1.11.0
  - Allow adding custom labels to all metrics.
- Update to version 1.10.0
  - Add ability to configure the exporter using environment variables.
  - Add support for Squid 6
  - Add `squid_up` metric
  - Add `squid_scrape_duration_seconds` metric
  - Add `squid_scrape_error` metric
- Update to version 1.9.0
  - Add `process_open_fds` metric to monitor open file descriptors.
  - Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root.
- Update to version 1.8.0
  - Add various service time metrics to provide more detailed performance data.
- Update to version 1.7.0
  - Add support for basic authentication against the Squid proxy.
  - Fix `squid_client_http_requests_total` metric
- Upstream changes for v1.9.0:
  - Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root.
- Upstream changes for v1.8.0:
  - Add various service time metrics to provide more detailed performance data.
- Upstream changes for v1.7.0: Squid proxy.
- Update to version 1.10.0
  - Add ability to configure the exporter using environment variables.
  - Add `process_open_fds` metric to monitor open file descriptors.
  - Use `CAP_DAC_READ_SEARCH` capability to allow reading process information without running as root.
  - Add various service time metrics to provide more detailed performance data.
  - Add support for basic authentication against the Squid proxy.
- Use current distro go default version. Use auto-versioning on SUSE as well.

golang-github-lusitaniae-apache_exporter:
- Build without apparmor for openSUSE Leap 16, SLES 16 or newer
- Update to version 1.0.10
  * Update github.com/prometheus/client_golang to 1.21.1
  * Update github.com/prometheus/common to 0.63.0
  * Update github.com/prometheus/exporter-toolkit to 0.14.0
- Update to version 1.0.9
  * Update github.com/prometheus/client_golang to 1.20.4
  * Update github.com/prometheus/common to 0.59.1
  * Update github.com/prometheus/exporter-toolkit to 0.13.0
  * Migrate logging to log/slog
  * Fix signal handler logging

golang-github-prometheus-alertmanager:
- Require gcc11-c++ for building with SLE 12

golang-github-prometheus-node_exporter:
- Require gcc11-c++ for building with SLE 12

golang-github-prometheus-prometheus:
- Security issues fixed:
  * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)
- Update to 3.5.0 (jsc#PED-13824): This is a Long-Term Support (LTS) release.
  * [FEATURE] Remote-write: Add support for Azure Workload Identity as an authentication method for the receiver.
  * [FEATURE] PromQL: Add first_over_time(...) and ts_of_first_over_time(...) behind feature flag.
  * [FEATURE] Federation: Add support for native histograms with custom buckets (NHCB).
  * [ENHANCEMENT] PromQL: Add warn-level annotations for counter reset conflicts in certain histogram operations.
  * [ENHANCEMENT] UI: Add scrape interval and scrape timeout to targets page.
- Update to 3.4.0:
  * [FEATURE] SD: Add unified AWS service discovery for ec2, lightsail and ecs services.
  * [FEATURE] Native histograms are now a stable, but optional feature.
  * [FEATURE] UI: Show detailed relabeling steps for each discovered target.
  * [ENHANCEMENT] Alerting: Add 'unknown' state for alerting rules that haven't been evaluated yet.
  * [BUGFIX] Scrape: Fix a bug where scrape cache would not be cleared on startup.
- Update to 3.3.0:
  * [FEATURE] Spring Boot 3.3 includes support for the Prometheus Client 1.x.
  * [ENHANCEMENT] Dependency management for Dropwizard Metrics has been removed.
- Update to 3.2.0:
  * [FEATURE] OAuth2: support jwt-bearer grant-type (RFC7523 3.1).
  * [ENHANCEMENT] PromQL: Reconcile mismatched NHCB bounds in Add and Sub.
  * [BUGFIX] TSDB: Native Histogram Custom Bounds with a NaN threshold are now rejected.
- Update to 3.1.0:
  * [FEATURE] Remote-write 2 (receiving): Update to 2.0-rc.4 spec. 'created timestamp' (CT) is now called 'start timestamp' (ST).
  * [BUGFIX] Mixin: Add static UID to the remote-write dashboard.
- Update to 3.0.1:
  * [BUGFIX] Promql: Make subqueries left open.
  * [BUGFIX] Fix memory leak when query log is enabled.
  * [BUGFIX] Support utf8 names on /v1/label/:name/values endpoint.
- Update to 3.0.0: This release includes new features such as a brand new UI and UTF-8 support enabled by default.
  * [CHANGE] Deprecated feature flags removed.
  * [FEATURE] New UI.
  * [FEATURE] Remote Write 2.0.
  * [FEATURE] OpenTelemetry Support.
  * [FEATURE] UTF-8 support is now stable and enabled by default.
  * [FEATURE] OTLP Ingestion.
  * [FEATURE] Native Histograms.
  * [BUGFIX] PromQL: Fix count_values for histograms.
  * [BUGFIX] TSDB: Fix race on stale values in headAppender.
  * [BUGFIX] UI: Fix selector / series formatting for empty metric names.
- Update to 2.55.0:
  * [FEATURE] PromQL: Add `last_over_time` function.
  * [FEATURE] Agent: Add `prometheus_agent_build_info` metric.
  * [ENHANCEMENT] PromQL: Optimise `group()` and `group by()`.
  * [ENHANCEMENT] TSDB: Reduce memory usage when loading blocks.
  * [BUGFIX] Scrape: Fix a bug where a target could be scraped multiple times.
- Update to 2.54.0: This release brings a release candidate of a major new version of Remote Write: 2.0.
  * [CHANGE] Remote-Write: highest_timestamp_in_seconds and queue_highest_sent_timestamp_seconds metrics now initialized to 0.
  * [CHANGE] API: Split warnings from info annotations in API response.
  * [FEATURE] Remote-Write: Version 2.0 experimental, plus metadata in WAL via feature flag.
  * [FEATURE] PromQL: add limitk() and limit_ratio() aggregation operators.
  * [ENHANCEMENT] PromQL: Accept underscores in literal numbers.
  * [ENHANCEMENT] PromQL: float literal numbers and durations are now interchangeable (experimental).
  * [ENHANCEMENT] PromQL (experimental native histograms): Optimize histogram_count and histogram_sum functions.
  * [BUGFIX] PromQL: Fix various issues with native histograms.
  * [BUGFIX] OTLP receiver: Allow colons in non-standard units.
- Require gcc11-c++ for building with SLE 12

grafana:
- CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340)

mgr-push:
- Version 5.1.5-0
  * Non-customer-facing optimization and update

prometheus-blackbox_exporter:
- Non-customer-facing optimization and update

rhnlib:
- Version 5.1.4-0
  * Non-customer-facing optimization and update

spacecmd:
- Version 5.1.12-0
  * Fix spacecmd binary file upload (bsc#1253659)
  * Fix typo in spacecmd help ca-cert flag (bsc#1253174)
  * Convert cached IDs to int (bsc#1251995)
  * Fix methods in api namespace in spacecmd (bsc#1249532)
  * Make caching code Py 2.7 compatible
  * Use JSON instead of pickle for spacecmd cache (bsc#1227579)
  * Python 2.7 cannot re-raise exceptions

spacewalk-client-tools:
- Version 5.1.8-0
  * Non-customer-facing optimization and update

supportutils-plugin-susemanager-client:
- Version 5.1.5-0
  * Non-customer-facing optimization and update

uyuni-common-libs:
- Version 5.1.5-0
  * Non-customer-facing optimization and update

uyuni-tools:
- Version 5.1.24-0
  * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400)
  * Handle CA files with symlinks during migration (bsc#1251044)
  * Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
  * Fix systemd object initialization in server rename. (bsc#1250981)
  * Add SSL secrets to the db setup container during migration. (bsc#1250976)
  * Fix images handling in mgrpxy support ptf (bsc#1250940)
  * Fix helm upgrade parameters (bsc#1253966)
  * Detect custom apache and squid config in the /etc/uyuni/proxy folder
  * Add ssh tuning to configure sshd (bsc#1253738)
  * Move the SSL checks at the beginning of the migration
  * Remove cgroup mount for podman containers (bsc#1253347)
  * Convert the traefik install time to local time (bsc#1251138)
  * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478)
  * Read env var from http conf file (bsc#1253282)
  * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry
  * Deprecate --registry
  * Unify backup create and restore dryrun option case
  * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644)
  * Always start database container even if enabled
  * Remove extra ipv6 mapping and nftables workaround (bsc#1248848)
  * Remove old PostgreSQL exporter environment file before migration
  * Support config command parse correctly supportconfig output (bsc#1255781)
Affected Systems
- suse•golang-github-boynux-squid_exporter&distro=SUSE Multi Linux Manager Tools SLE-12: < 1.13.0-120002.3.3.1
- suse•golang-github-lusitaniae-apache_exporter&distro=SUSE Multi Linux Manager Tools SLE-12: < 1.0.10-120002.3.3.1
- suse•golang-github-prometheus-alertmanager&distro=SUSE Multi Linux Manager Tools SLE-12: < 0.28.1-120002.4.6.1
- suse•golang-github-prometheus-node_exporter&distro=SUSE Multi Linux Manager Tools SLE-12: < 1.9.1-120002.3.3.1
- suse•golang-github-prometheus-prometheus&distro=SUSE Multi Linux Manager Tools SLE-12: < 3.5.0-120002.3.3.1
- suse•golang-github-QubitProducts-exporter_exporter&distro=SUSE Multi Linux Manager Tools SLE-12: < 0.4.0-120002.3.3.1
- suse•grafana&distro=SUSE Multi Linux Manager Tools SLE-12: < 11.5.10-120002.4.9.1
- suse•mgr-push&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.5-120002.3.6.1
- suse•prometheus-blackbox_exporter&distro=SUSE Multi Linux Manager Tools SLE-12: < 0.26.0-120002.3.3.1
- suse•rhnlib&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.4-120002.3.6.1
- suse•spacecmd&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.12-120002.3.6.1
- suse•spacewalk-client-tools&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.8-120002.3.6.1
- suse•supportutils-plugin-susemanager-client&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.5-120002.3.6.1
- suse•uyuni-common-libs&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.5-120002.3.3.1
- suse•uyuni-tools&distro=SUSE Multi Linux Manager Tools SLE-12: < 5.1.24-120002.3.9.1
References (25)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260628-1/
- https://bugzilla.suse.com/1227579
- https://bugzilla.suse.com/1247644
- https://bugzilla.suse.com/1247721
- https://bugzilla.suse.com/1248848
- https://bugzilla.suse.com/1249400
- https://bugzilla.suse.com/1249532
- https://bugzilla.suse.com/1250940
- https://bugzilla.suse.com/1250976
- https://bugzilla.suse.com/1250981
- https://bugzilla.suse.com/1251044
- https://bugzilla.suse.com/1251138
- https://bugzilla.suse.com/1251995
- https://bugzilla.suse.com/1253174
- https://bugzilla.suse.com/1253282
- https://bugzilla.suse.com/1253347
- https://bugzilla.suse.com/1253659
- https://bugzilla.suse.com/1253738
- https://bugzilla.suse.com/1253966
- https://bugzilla.suse.com/1254478
- https://bugzilla.suse.com/1255340
- https://bugzilla.suse.com/1255588
- https://bugzilla.suse.com/1255781
- https://www.suse.com/security/cve/CVE-2025-12816
- https://www.suse.com/security/cve/CVE-2025-68156