Security update for Multi-Linux Manager 4.3: Server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1321-1 Final 1 1 2025-04-16T08:14:57Z current 2025-04-16T08:14:57Z 2025-04-16T08:14:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Multi-Linux Manager 4.3: Server This update fixes the following issues: spacewalk-java: - Version 4.3.85-0: * CVE-2025-23392: Filter user input in systems list page. (bsc#1239826) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1321,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2025-1321 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251321-1/ Link for SUSE-SU-2025:1321-1 https://lists.suse.com/pipermail/sle-updates/2025-April/039035.html E-Mail link for SUSE-SU-2025:1321-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1239826 SUSE Bug 1239826 https://www.suse.com/security/cve/CVE-2025-23392/ SUSE CVE CVE-2025-23392 page SUSE Manager Server Module 4.3 spacewalk-java-4.3.85-150400.3.105.3 spacewalk-java-apidoc-sources-4.3.85-150400.3.105.3 spacewalk-java-config-4.3.85-150400.3.105.3 spacewalk-java-lib-4.3.85-150400.3.105.3 spacewalk-java-postgresql-4.3.85-150400.3.105.3 spacewalk-taskomatic-4.3.85-150400.3.105.3 spacewalk-java-4.3.85-150400.3.105.3 as a component of SUSE Manager Server Module 4.3 spacewalk-java-config-4.3.85-150400.3.105.3 as a component of SUSE Manager Server Module 4.3 spacewalk-java-lib-4.3.85-150400.3.105.3 as a component of SUSE Manager Server Module 4.3 spacewalk-java-postgresql-4.3.85-150400.3.105.3 as a component of SUSE Manager Server Module 4.3 spacewalk-taskomatic-4.3.85-150400.3.105.3 as a component of SUSE Manager Server Module 4.3 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-23392 SUSE Manager Server Module 4.3:spacewalk-java-4.3.85-150400.3.105.3 SUSE Manager Server Module 4.3:spacewalk-java-config-4.3.85-150400.3.105.3 SUSE Manager Server Module 4.3:spacewalk-java-lib-4.3.85-150400.3.105.3 SUSE Manager Server Module 4.3:spacewalk-java-postgresql-4.3.85-150400.3.105.3 SUSE Manager Server Module 4.3:spacewalk-taskomatic-4.3.85-150400.3.105.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251321-1/ https://www.suse.com/security/cve/CVE-2025-23392.html CVE-2025-23392 https://bugzilla.suse.com/1239826 SUSE Bug 1239826