Security update for SUSE Manager Client Tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20124-1 Final 1 1 2025-02-13T08:38:09Z current 2025-02-13T08:38:09Z 2025-02-13T08:38:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for SUSE Manager Client Tools This update fixes the following issues: salt: - Revert setting SELinux context for minion service (bsc#1233667) - Removed System V init support - Fix the condition of alternatives for Tumbleweed and Leap 16 - Build all python bindings for all flavors - Make minion reconnecting on changing master IP (bsc#1228182) - Handle logger exception when flushing already closed file - Include passlib as a recommended dependency - Make Salt Bundle more tolerant to long running jobs (bsc#1228690) uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: - Security issues fixed: * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) - Other changes and bugs fixed: * Version 0.1.27-0 + Bump the default image tag to 5.0.3 + IsInstalled function fix + Run systemctl daemon-reload after changing the container image config (bsc#1233279) + Coco-replicas-upgrade + Persist search server indexes (bsc#1231759) + Sync deletes files during migration (bsc#1233660) + Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079) + Add --registry back to mgrpxy (bsc#1233202) + Only add java.hostname on migrated server if not present + Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104) + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630) + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123) * Version 0.1.26-0 + Ignore all zypper caches during migration (bsc#1232769) + Use the uyuni network for all podman containers (bsc#1232817) * Version 0.1.25-0 + Don't migrate enabled systemd services, recreate them (bsc#1232575) * Version 0.1.24-0 + Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568) venv-salt-minion: - Included D-Bus python module for SUSE distros (bsc#1231618) - Reverted setting SELinux context for minion service (bsc#1233667) - Make minion reconnecting on changing master IP (bsc#1228182) - Fixed post_start_cleanup.sh shebang to work on all systems - Handle logger exception when flushing already closed file - Made Salt Bundle more tolerant to long running jobs (bsc#1228690) - Modified: * include-rpm * filter-requires.sh The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-211 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520124-1/ Link for SUSE-SU-2025:20124-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021205.html E-Mail link for SUSE-SU-2025:20124-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228182 SUSE Bug 1228182 https://bugzilla.suse.com/1228690 SUSE Bug 1228690 https://bugzilla.suse.com/1229079 SUSE Bug 1229079 https://bugzilla.suse.com/1229104 SUSE Bug 1229104 https://bugzilla.suse.com/1231497 SUSE Bug 1231497 https://bugzilla.suse.com/1231568 SUSE Bug 1231568 https://bugzilla.suse.com/1231618 SUSE Bug 1231618 https://bugzilla.suse.com/1231759 SUSE Bug 1231759 https://bugzilla.suse.com/1232575 SUSE Bug 1232575 https://bugzilla.suse.com/1232769 SUSE Bug 1232769 https://bugzilla.suse.com/1232817 SUSE Bug 1232817 https://bugzilla.suse.com/1233202 SUSE Bug 1233202 https://bugzilla.suse.com/1233279 SUSE Bug 1233279 https://bugzilla.suse.com/1233630 SUSE Bug 1233630 https://bugzilla.suse.com/1233660 SUSE Bug 1233660 https://bugzilla.suse.com/1233667 SUSE Bug 1233667 https://bugzilla.suse.com/1234123 SUSE Bug 1234123 https://www.suse.com/security/cve/CVE-2024-22037/ SUSE CVE CVE-2024-22037 page SUSE Linux Micro 6.0 python311-salt-3006.0-9.1 salt-3006.0-9.1 salt-master-3006.0-9.1 salt-minion-3006.0-9.1 salt-transactional-update-3006.0-9.1 python311-salt-3006.0-9.1 as a component of SUSE Linux Micro 6.0 salt-3006.0-9.1 as a component of SUSE Linux Micro 6.0 salt-master-3006.0-9.1 as a component of SUSE Linux Micro 6.0 salt-minion-3006.0-9.1 as a component of SUSE Linux Micro 6.0 salt-transactional-update-3006.0-9.1 as a component of SUSE Linux Micro 6.0 The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. CVE-2024-22037 SUSE Linux Micro 6.0:python311-salt-3006.0-9.1 SUSE Linux Micro 6.0:salt-3006.0-9.1 SUSE Linux Micro 6.0:salt-master-3006.0-9.1 SUSE Linux Micro 6.0:salt-minion-3006.0-9.1 SUSE Linux Micro 6.0:salt-transactional-update-3006.0-9.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520124-1/ https://www.suse.com/security/cve/CVE-2024-22037.html CVE-2024-22037 https://bugzilla.suse.com/1231497 SUSE Bug 1231497