Security update 4.3.15.2 SUSE Manager Server 4.3 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01994-1 Final 1 1 2025-06-18T02:13:38Z current 2025-06-18T02:13:38Z 2025-06-18T02:13:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update 4.3.15.2 SUSE Manager Server 4.3 This update fixes the following issues: netty: - Security issues fixed: * CVE-2024-47535: Decorate InputStream to throw an exception once the data read limit is reached (bsc#1233297) - Other changes: * Replace AlgorithmId.sha256WithRSAEncryption_oid usage with specify the OID directly susemanager-sync-data: - Version 4.3.22-0: * Added support for OES 24.4 (bsc#1230585) * Set Ubuntu 24.04 as released How to apply this update: 1. Log in as root user to the Multi-Linux Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1994,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-1994 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501994-1/ Link for SUSE-SU-2025:01994-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040344.html E-Mail link for SUSE-SU-2025:01994-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1230585 SUSE Bug 1230585 https://bugzilla.suse.com/1233297 SUSE Bug 1233297 https://www.suse.com/security/cve/CVE-2024-47535/ SUSE CVE CVE-2024-47535 page SUSE Manager Server Module 4.3 netty-4.1.44.Final-150400.3.6.3 susemanager-sync-data-4.3.23-150400.3.41.3 netty-4.1.44.Final-150400.3.6.3 as a component of SUSE Manager Server Module 4.3 susemanager-sync-data-4.3.23-150400.3.41.3 as a component of SUSE Manager Server Module 4.3 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. CVE-2024-47535 SUSE Manager Server Module 4.3:netty-4.1.44.Final-150400.3.6.3 SUSE Manager Server Module 4.3:susemanager-sync-data-4.3.23-150400.3.41.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501994-1/ https://www.suse.com/security/cve/CVE-2024-47535.html CVE-2024-47535 https://bugzilla.suse.com/1233297 SUSE Bug 1233297