Security update for SUSE Manager Client Tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0532-1 Final 1 1 2025-02-14T07:20:12Z current 2025-02-14T07:20:12Z 2025-02-14T07:20:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SUSE Manager Client Tools This update fixes the following issues: scap-security-guide was updated to version 0.1.75 (jsc#ECO-3319): - Added Ism profile for OL8, OL9 - Added new product kylinserver10 - Created OL10 product - Release SLMicro5 product - Replaced two date injections by SOURCE_DATE_EPOCH to make reproducible (bsc#1230361) - Updated PCI-DSS control file for version 4.0.1 spacecmd was updated to version 5.0.11-0: - Updated translation strings uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: - Security issues fixed: * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) - Other changes and bugs fixed: * Version 0.1.27-0 + Bump the default image tag to 5.0.3 + IsInstalled function fix + Run systemctl daemon-reload after changing the container image config (bsc#1233279) + Coco-replicas-upgrade + Persist search server indexes (bsc#1231759) + Sync deletes files during migration (bsc#1233660) + Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079) + Add --registry back to mgrpxy (bsc#1233202) + Only add java.hostname on migrated server if not present + Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104) + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630) + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123) * Version 0.1.26-0 + Ignore all zypper caches during migration (bsc#1232769) + Use the uyuni network for all podman containers (bsc#1232817) * Version 0.1.25-0 + Don't migrate enabled systemd services, recreate them (bsc#1232575) * Version 0.1.24-0 + Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-532,SUSE-EL-9-CLIENT-TOOLS-2025-532 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250532-1/ Link for SUSE-SU-2025:0532-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020342.html E-Mail link for SUSE-SU-2025:0532-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1229079 SUSE Bug 1229079 https://bugzilla.suse.com/1229104 SUSE Bug 1229104 https://bugzilla.suse.com/1230361 SUSE Bug 1230361 https://bugzilla.suse.com/1231497 SUSE Bug 1231497 https://bugzilla.suse.com/1231568 SUSE Bug 1231568 https://bugzilla.suse.com/1231759 SUSE Bug 1231759 https://bugzilla.suse.com/1232575 SUSE Bug 1232575 https://bugzilla.suse.com/1232769 SUSE Bug 1232769 https://bugzilla.suse.com/1232817 SUSE Bug 1232817 https://bugzilla.suse.com/1233202 SUSE Bug 1233202 https://bugzilla.suse.com/1233279 SUSE Bug 1233279 https://bugzilla.suse.com/1233630 SUSE Bug 1233630 https://bugzilla.suse.com/1233660 SUSE Bug 1233660 https://bugzilla.suse.com/1234123 SUSE Bug 1234123 https://www.suse.com/security/cve/CVE-2024-22037/ SUSE CVE CVE-2024-22037 page SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-0.1.28-1.14.1 mgradm-bash-completion-0.1.28-1.14.1 mgradm-zsh-completion-0.1.28-1.14.1 mgrctl-0.1.28-1.14.1 mgrctl-bash-completion-0.1.28-1.14.1 mgrctl-zsh-completion-0.1.28-1.14.1 mgrpxy-0.1.28-1.14.1 mgrpxy-bash-completion-0.1.28-1.14.1 mgrpxy-zsh-completion-0.1.28-1.14.1 scap-security-guide-0.1.75-1.32.1 scap-security-guide-debian-0.1.75-1.32.1 scap-security-guide-redhat-0.1.75-1.32.1 scap-security-guide-ubuntu-0.1.75-1.32.1 spacecmd-5.0.11-1.44.1 mgrctl-0.1.28-1.14.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgrctl-bash-completion-0.1.28-1.14.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgrctl-zsh-completion-0.1.28-1.14.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS scap-security-guide-redhat-0.1.75-1.32.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS spacecmd-5.0.11-1.44.1 as a component of SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS mgradm-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-bash-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgradm-zsh-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-bash-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrctl-zsh-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-bash-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update mgrpxy-zsh-completion-0.1.28-1.14.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-0.1.75-1.32.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-debian-0.1.75-1.32.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-redhat-0.1.75-1.32.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update scap-security-guide-ubuntu-0.1.75-1.32.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update spacecmd-5.0.11-1.44.1 as a component of SUSE:EL-9:Update:Products:ManagerTools:Update The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. CVE-2024-22037 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-0.1.28-1.14.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-bash-completion-0.1.28-1.14.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:mgrctl-zsh-completion-0.1.28-1.14.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:scap-security-guide-redhat-0.1.75-1.32.1 SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS:spacecmd-5.0.11-1.44.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-bash-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgradm-zsh-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-bash-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrctl-zsh-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-bash-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:mgrpxy-zsh-completion-0.1.28-1.14.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-0.1.75-1.32.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-debian-0.1.75-1.32.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-redhat-0.1.75-1.32.1 SUSE:EL-9:Update:Products:ManagerTools:Update:scap-security-guide-ubuntu-0.1.75-1.32.1 SUSE:EL-9:Update:Products:ManagerTools:Update:spacecmd-5.0.11-1.44.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250532-1/ https://www.suse.com/security/cve/CVE-2024-22037.html CVE-2024-22037 https://bugzilla.suse.com/1231497 SUSE Bug 1231497