Security update 5.0.6 for Multi-Linux Manager Client Tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4458-1 Final 1 1 2025-12-18T11:57:30Z current 2025-12-18T11:57:30Z 2025-12-18T11:57:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update 5.0.6 for Multi-Linux Manager Client Tools This update fixes the following issues: dracut-saltboot: - Update to version 1.0.0 * Reboot on salt key timeout (bsc#1237495) * Fixed parsing files with space in the name (bsc#1252100) grafana was updated from version 11.5.5 to 11.5.10: - Security issues fixed: * CVE-2025-47911: Fix parsing HTML documents (bsc#1251454) * CVE-2025-58190: Fix excessive memory consumption (bsc#1251657) * CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113) * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616) * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735) * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302) - Other changes, new features and bugs fixed: * Version 11.5.10: + Update to Go 1.25 + Update to golang.org/x/net v0.45.0 + Auth: Fix render user OAuth passthrough + LDAP Authentication: Fix URL to propagate username context as parameter * Version 11.5.9: + Auditing: Document new options for recording datasource query request/response body. + Login: Fixed redirection after login when Grafana is served from subpath. * Version 11.5.7: + Azure: Fixed legend formatting and resource name determination in template variable queries. mgr-push: - Version 5.0.3-0 * Fixed syntax error in changelog rhnlib: - Version 5.0.6-0 * Use more secure defusedxml parser (bsc#1227577) spacecmd: - Version 5.0.14-0 * Fixed installation of python lib files on Ubuntu 24.04 (bsc#1246586) * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Make spacecmd to work with Python 3.12 and higher * Call print statements properly in Python 3 uyuni-tools: - Version 0.1.37-0 * Handle CA files with symlinks during migration (bsc#1251044) * Add a lowercase version of --logLevel (bsc#1243611) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Stop executing scripts in temporary folder (bsc#1243704) * Convert the traefik install time to local time (bsc#1251138) * Run smdba and reindex only during migration (bsc#1244534) * Support config: collect podman inspect for hub container (bsc#1245099) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Use new dedicated path for Cobbler settings (bsc#1244027) * Migrate custom auto installation snippets (bsc#1246320) * Add SLE15SP7 to buildin productmap * Fix loading product map from mgradm configuration file (bsc#1246068) * Fix channel override for distro copy * Do not use sudo when running as a root user (bsc#1246882) * Do not require backups to be at the same location for restoring (bsc#1246906) * Check for restorecon presence before calling (bsc#1246925) * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789) * Fix recomputing proxy images when installing a ptf or test (bsc#1246553) * Add migration for server monitoring configuration (bsc#1247688) - Version 0.1.36-0 * Bump the default image tag - Version 0.1.35-0 * Restore SELinux contexts for restored backup volumes (bsc#1244127) - Version 0.1.34-0 * Fix mgradm backup create handling of images and systemd files (bsc#1246738) - Version 0.1.33-0 * Restore volumes using tar instead of podman import (bsc#1244127) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4458,SUSE-SLE-Manager-Tools-15-2025-4458,SUSE-SLE-Manager-Tools-For-Micro-5-2025-4458,openSUSE-SLE-15.6-2025-4458 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254458-1/ Link for SUSE-SU-2025:4458-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023628.html E-Mail link for SUSE-SU-2025:4458-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1227577 SUSE Bug 1227577 https://bugzilla.suse.com/1227579 SUSE Bug 1227579 https://bugzilla.suse.com/1237495 SUSE Bug 1237495 https://bugzilla.suse.com/1243611 SUSE Bug 1243611 https://bugzilla.suse.com/1243704 SUSE Bug 1243704 https://bugzilla.suse.com/1244027 SUSE Bug 1244027 https://bugzilla.suse.com/1244127 SUSE Bug 1244127 https://bugzilla.suse.com/1244534 SUSE Bug 1244534 https://bugzilla.suse.com/1245099 SUSE Bug 1245099 https://bugzilla.suse.com/1245302 SUSE Bug 1245302 https://bugzilla.suse.com/1246068 SUSE Bug 1246068 https://bugzilla.suse.com/1246320 SUSE Bug 1246320 https://bugzilla.suse.com/1246553 SUSE Bug 1246553 https://bugzilla.suse.com/1246586 SUSE Bug 1246586 https://bugzilla.suse.com/1246662 SUSE Bug 1246662 https://bugzilla.suse.com/1246735 SUSE Bug 1246735 https://bugzilla.suse.com/1246736 SUSE Bug 1246736 https://bugzilla.suse.com/1246738 SUSE Bug 1246738 https://bugzilla.suse.com/1246789 SUSE Bug 1246789 https://bugzilla.suse.com/1246882 SUSE Bug 1246882 https://bugzilla.suse.com/1246906 SUSE Bug 1246906 https://bugzilla.suse.com/1246925 SUSE Bug 1246925 https://bugzilla.suse.com/1247688 SUSE Bug 1247688 https://bugzilla.suse.com/1247721 SUSE Bug 1247721 https://bugzilla.suse.com/1250616 SUSE Bug 1250616 https://bugzilla.suse.com/1251044 SUSE Bug 1251044 https://bugzilla.suse.com/1251138 SUSE Bug 1251138 https://bugzilla.suse.com/1252100 SUSE Bug 1252100 https://www.suse.com/security/cve/CVE-2025-11065/ SUSE CVE CVE-2025-11065 page https://www.suse.com/security/cve/CVE-2025-3415/ SUSE CVE CVE-2025-3415 page https://www.suse.com/security/cve/CVE-2025-6023/ SUSE CVE CVE-2025-6023 page https://www.suse.com/security/cve/CVE-2025-6197/ SUSE CVE CVE-2025-6197 page SUSE Manager Client Tools 15 SUSE Manager Client Tools for SLE Micro 5 openSUSE Leap 15.6 dracut-saltboot-1.0.0-150000.1.62.1 golang-github-prometheus-alertmanager-0.28.1-150000.9.1 grafana-11.5.10-150000.1.87.1 mgr-push-5.0.3-150000.1.30.1 mgrctl-0.1.37-150000.1.27.1 mgrctl-bash-completion-0.1.37-150000.1.27.1 mgrctl-lang-0.1.37-150000.1.27.1 mgrctl-zsh-completion-0.1.37-150000.1.27.1 python3-mgr-push-5.0.3-150000.1.30.1 python3-rhnlib-5.0.6-150000.3.49.1 spacecmd-5.0.14-150000.3.139.1 supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 dracut-saltboot-1.0.0-150000.1.62.1 as a component of SUSE Manager Client Tools 15 grafana-11.5.10-150000.1.87.1 as a component of SUSE Manager Client Tools 15 mgr-push-5.0.3-150000.1.30.1 as a component of SUSE Manager Client Tools 15 mgrctl-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools 15 mgrctl-bash-completion-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools 15 mgrctl-lang-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools 15 mgrctl-zsh-completion-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools 15 python3-mgr-push-5.0.3-150000.1.30.1 as a component of SUSE Manager Client Tools 15 python3-rhnlib-5.0.6-150000.3.49.1 as a component of SUSE Manager Client Tools 15 spacecmd-5.0.14-150000.3.139.1 as a component of SUSE Manager Client Tools 15 supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 as a component of SUSE Manager Client Tools 15 dracut-saltboot-1.0.0-150000.1.62.1 as a component of SUSE Manager Client Tools for SLE Micro 5 mgrctl-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 mgrctl-bash-completion-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 mgrctl-lang-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 mgrctl-zsh-completion-0.1.37-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 dracut-saltboot-1.0.0-150000.1.62.1 as a component of openSUSE Leap 15.6 spacecmd-5.0.14-150000.3.139.1 as a component of openSUSE Leap 15.6 supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 as a component of openSUSE Leap 15.6 unknown CVE-2025-11065 SUSE Manager Client Tools 15:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools 15:grafana-11.5.10-150000.1.87.1 SUSE Manager Client Tools 15:mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:python3-mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:python3-rhnlib-5.0.6-150000.3.49.1 SUSE Manager Client Tools 15:spacecmd-5.0.14-150000.3.139.1 SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.37-150000.1.27.1 openSUSE Leap 15.6:dracut-saltboot-1.0.0-150000.1.62.1 openSUSE Leap 15.6:spacecmd-5.0.14-150000.3.139.1 openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254458-1/ https://www.suse.com/security/cve/CVE-2025-11065.html CVE-2025-11065 https://bugzilla.suse.com/1250608 SUSE Bug 1250608 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01 CVE-2025-3415 SUSE Manager Client Tools 15:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools 15:grafana-11.5.10-150000.1.87.1 SUSE Manager Client Tools 15:mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:python3-mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:python3-rhnlib-5.0.6-150000.3.49.1 SUSE Manager Client Tools 15:spacecmd-5.0.14-150000.3.139.1 SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.37-150000.1.27.1 openSUSE Leap 15.6:dracut-saltboot-1.0.0-150000.1.62.1 openSUSE Leap 15.6:spacecmd-5.0.14-150000.3.139.1 openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254458-1/ https://www.suse.com/security/cve/CVE-2025-3415.html CVE-2025-3415 https://bugzilla.suse.com/1245302 SUSE Bug 1245302 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01 CVE-2025-6023 SUSE Manager Client Tools 15:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools 15:grafana-11.5.10-150000.1.87.1 SUSE Manager Client Tools 15:mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:python3-mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:python3-rhnlib-5.0.6-150000.3.49.1 SUSE Manager Client Tools 15:spacecmd-5.0.14-150000.3.139.1 SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.37-150000.1.27.1 openSUSE Leap 15.6:dracut-saltboot-1.0.0-150000.1.62.1 openSUSE Leap 15.6:spacecmd-5.0.14-150000.3.139.1 openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254458-1/ https://www.suse.com/security/cve/CVE-2025-6023.html CVE-2025-6023 https://bugzilla.suse.com/1246735 SUSE Bug 1246735 An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL CVE-2025-6197 SUSE Manager Client Tools 15:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools 15:grafana-11.5.10-150000.1.87.1 SUSE Manager Client Tools 15:mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools 15:python3-mgr-push-5.0.3-150000.1.30.1 SUSE Manager Client Tools 15:python3-rhnlib-5.0.6-150000.3.49.1 SUSE Manager Client Tools 15:spacecmd-5.0.14-150000.3.139.1 SUSE Manager Client Tools 15:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.0.0-150000.1.62.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.37-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.37-150000.1.27.1 openSUSE Leap 15.6:dracut-saltboot-1.0.0-150000.1.62.1 openSUSE Leap 15.6:spacecmd-5.0.14-150000.3.139.1 openSUSE Leap 15.6:supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254458-1/ https://www.suse.com/security/cve/CVE-2025-6197.html CVE-2025-6197 https://bugzilla.suse.com/1246736 SUSE Bug 1246736