{"affected":[{"ecosystem_specific":{"binaries":[{"SLES16-Migration":"2.1.26-15.22.4","python3-Cerberus":"1.3.2-150700.20.2.10","python3-migration":"2.1.26-150700.16.12.1","suse-migration-pre-checks":"2.1.26-150700.16.12.1","suse-migration-sle16-activation":"2.1.26-150700.15.9.1","wicked2nm":"1.4.0-150700.15.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"SLES16-Migration","purl":"pkg:rpm/suse/SLES16-Migration&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.26-15.22.4"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"SLES16-Migration":"2.1.26-15.22.4","python3-Cerberus":"1.3.2-150700.20.2.10","python3-migration":"2.1.26-150700.16.12.1","suse-migration-pre-checks":"2.1.26-150700.16.12.1","suse-migration-sle16-activation":"2.1.26-150700.15.9.1","wicked2nm":"1.4.0-150700.15.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"python-Cerberus","purl":"pkg:rpm/suse/python-Cerberus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.2-150700.20.2.10"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"SLES16-Migration":"2.1.26-15.22.4","python3-Cerberus":"1.3.2-150700.20.2.10","python3-migration":"2.1.26-150700.16.12.1","suse-migration-pre-checks":"2.1.26-150700.16.12.1","suse-migration-sle16-activation":"2.1.26-150700.15.9.1","wicked2nm":"1.4.0-150700.15.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"suse-migration-services","purl":"pkg:rpm/suse/suse-migration-services&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.26-150700.16.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"SLES16-Migration":"2.1.26-15.22.4","python3-Cerberus":"1.3.2-150700.20.2.10","python3-migration":"2.1.26-150700.16.12.1","suse-migration-pre-checks":"2.1.26-150700.16.12.1","suse-migration-sle16-activation":"2.1.26-150700.15.9.1","wicked2nm":"1.4.0-150700.15.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"suse-migration-sle16-activation","purl":"pkg:rpm/suse/suse-migration-sle16-activation&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.26-150700.15.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"SLES16-Migration":"2.1.26-15.22.4","python3-Cerberus":"1.3.2-150700.20.2.10","python3-migration":"2.1.26-150700.16.12.1","suse-migration-pre-checks":"2.1.26-150700.16.12.1","suse-migration-sle16-activation":"2.1.26-150700.15.9.1","wicked2nm":"1.4.0-150700.15.7.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"wicked2nm","purl":"pkg:rpm/suse/wicked2nm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.0-150700.15.7.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"SLES16-SAP_Migration":"2.1.26-15.14.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for SAP Applications 15 SP7","name":"SLES16-SAP_Migration","purl":"pkg:rpm/suse/SLES16-SAP_Migration&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.26-15.14.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for suse-migration-sle16-activation, SLES16-Migration, SLES16-SAP_Migration, suse-migration-services, suse-migration-rpm, wicked2nm, image-janitor fixes the following issues:\n\nChanges for suse-migration-sle16-activation:\n\n- Simplify interface naming by disabling predictable names at boot\n- shellcheck heavily complained\n- check migration target before testing for architecture version\n- Create systemd.link files for virtual VMware/Hyper-V NICs\n- Add changes for newest wicked2nm\n- Activation packages can no longer be noarch\n- Architecture check before allowing migration to be activated\n- Add missing pre snapshot setup to run_migration\n- Add wicked2nm network migration\n- Setup ExclusiveArch for activation packages\n- Make activation package require by provides tag\n- Fix product related requirement settings\n\nChanges for SLES16-Migration:\n\n- Added .ssh directory for migration user\n- Add etc/motd overlay file\n  Print message how to show migration progress information\n- Fix build on more architectures\n- Initial changelog\n    \nChanges for SLES16-SAP_Migration:\n\n- Support wicked2nm migration\n- Migration live image for SLES4SAP 15 to 16\n\nChanges for suse-migration-services:\n\n- Set systemd offline for Zypper in chroot mode\n- Fix apparmor install procedure\n- Fixed azuremetadata device lookup\n- Use of f-strings not allowed in the DMS\n- Simplify interface naming by disabling predictable names at boot\n- Fixed test_check_lsm_migration unit test\n- Fix setup_host_network_test by mocking os.makedirs\n- wicked2nm: log network state on nm-online failure\n- Fixed LSM pre checks to be more robust\n- shellcheck heavily complained\n- Do not evaluate wicked2nm output in precheck\n- Fix unit test for lsm check\n- prechecks/lsm.py: remove _apparmor_analyze_profiles()\n- LSM migration check for AppArmor -> SELinux\n- Improve pre-check message\n- Fix MinSLEVersion value depending on target\n- reduce package set on migration image\n- Fixed behavior of wicked2m pre check\n- implementation of sshd root login pre-check\n- Fixed selinux to apparmor migration\n- Fixed reading of migration config for target class\n- Add recursion guard to MigrationConfig::_merge_config_dicts\n- shrink migration image\n- container/sle16/config.sh\n- sle16/config.sh - use dropin for s390 migration-config\n- doc: fix indentation\n- check for migration target by matching ISO file name\n- config: introduce dropin dir migration-config.d/\n- Apply SLE16 live image setup to container setup\n- bind mount only required subdirectories under /run into chroot\n- Add missing package requirement\n- check migration target before testing for architecture version\n- setup_host_network: simplify code - use os.makedirs()\n- Create systemd.link files for virtual VMware/Hyper-V NIC\n- Preserve systemd.link files from /etc/systemd/network/   \n- Add changes for the newest wicked2nm\n- Ensure wicked2nm is a dependency of pre-checks for SLE 16 migration\n- Activation packages can no longer be noarch\n- Fix update of image .changes files\n- Architecture check before allowing migration to be activated\n- Improve error logs when wicked2nm fails\n- Include image changelog to version bump\n- Ensure wicked2nm migration is always running, despite warnings\n- Fix: add --no-recommends on patterns-base-selinux installation\n- Update suse-migration-services for container use\n- Update SLE16 migration container\n- Update SAP live migration image\n- Add missing pre snapshot setup to run_migration\n- Follow up fix for the wicked to nm migration\n- Add wicked2nm network migration\n- Add glob support to preserve_files\n- Setup ExclusiveArch for activation packages\n- Build sles4sap migration for cloud on x86_64 only\n- Do not build sles4sap migration on s390x   \n- Use systemctl kexec\n- Fix: return the correct kernel path based on machine type\n- Fixed glob pattern match for package name\n- Remove menitoning of SLES 12-SP4\n- Make activation package require by provides tag\n- Added SLES16-SAP_Migration live image\n- Do not use list[str] type hint\n- Fix error evaluation from offline_migrations API\n- Fix logging from non unit files\n- Fix product related requirement settings\n- Repos for migration image must be in kiwi\n- Added .ssh to migration user for SAP 15 live image\n- Added SLES15-SAP_Migration Makefile target\n- Add proper release package for SLE16 migration\n- Fix typo in service name\n- Drop obsolete check for resolv.conf\n- Fix migration user home dir setup for SLE16\n- Update README_QA.rst\n- test: split unit test for setup_name_resolver\n- Install patterns-base-selinux for Apparmor migration\n- Ensure the rebuild counter is not stripped from the rpm\n- Exit silently if no migration iso is found\n- Ensure rpmlintrc file is part of suse-migration-services SRPM\n- Ignore fixup! entries when generating changelog\n- Increase python test matrix\n- Remove redundanct requires on itself\n- Fix ordering of pre-checks and actual migration\n- Add SLES15-Migration target to Makefile\n- Fix suse-migration-console-log service\n- Fix typo in REA- Activate only connections if present in the current system\n- Improve error output, exit codes and add flag to disable user hints\n- Add support for autoip-fallback\n- Issue only a info when dhcp.update is non default \n- Add ipv4_static broadcast \n- Apply dhcp settings to mirror wicked client id \n- Fix test.sh, fail if migration succeed but expect fail \n- Fix sysctl handling \n- Avoid cloning in parsing of route \n- Fix continue migration to show all warnings beforehand \n- Improve warning messages - show interface, element names \n- Remove unwrap in route parsing \n- bump slab from 0.4.10 to 0.4.11 to address CVE-2025-55159 (bsc#1248010)\n- Fix netconfig handling with proper priority setting\n- Add ovs support\n- Use agama-network instead of agama-(lib|server)\n- Only activate connections marked with autostart\n- Give hint in error message how to ignore warnings\n- Update README.md with updated installation and usage infos\n- Add support for Leap 15\n- Remove BuildRequires that are no longer necessary due to the agama-network switch.\n- The agama-network switch also removes the vulnerable and\n  unmaintained 'users' crate from the dependencies. (bsc#1244188)DME_QA\n- Fix: split name resolver setup into its own service\n- Fix: set path according to current arch in grub.d/99_migration\n- Add support to enable single rpm transaction for upgrade\n- enable suse-migration-ha.service in the migration image\n- Migration for high availability extension\n- RPM wrapper fixes\n- Cleanup secfile to follow python singlespec policy\n- Support product specifier in ISO name\n- Ensure sle16 images can build on all supported platforms\n- Use name pattern compatible to suse-migration-rpm\n- Fix SLE15 migration images\n- SAP product should migrate to 15 SP4\n- Add SLES15-SAP-Migration\n- Bump target to SLE15 SP7\n- Update bumpversion config\n  Include sle16 container build to version bump\n- Handle selinux boot option when using kexec\n- Ensure migration to SLES16 uses selinux, not apparmor\n- improve os-release parsing\n- Ensure SLES16 is also detected in SCC precheck\n- Add high availablity extension check\n- Fix package names for python packages on SLE16\n- Relax on the shim-install call\n- Fixup package name for SLE16 and SLE16 container\n- Fix changelog references for activation packages\n- Add product migration check\n    \nChanges for suse-migration-rpm:\n\n- Fix MinSLEVersion value depending on target\n- Add product requirement according to image name.\n- Exit silently if no migration iso is found. \n- Add build and perl(Date::Parse) to ensure we can append changelog entries to generated package.\n\nChanges for wicked2nm:\n    \n- Activate only connections if present in the current system\n- Improve error output, exit codes and add flag to disable user hints\n- Add support for autoip-fallback\n- Issue only a info when dhcp.update is non default \n- Add ipv4_static broadcast \n- Apply dhcp settings to mirror wicked client id \n- Fix test.sh, fail if migration succeed but expect fail \n- Fix sysctl handling \n- Avoid cloning in parsing of route \n- Fix continue migration to show all warnings beforehand \n- Improve warning messages - show interface, element names \n- Remove unwrap in route parsing \n- bump slab from 0.4.10 to 0.4.11 to address CVE-2025-55159 (bsc#1248010)\n- Fix netconfig handling with proper priority setting\n- Add ovs support\n- Use agama-network instead of agama-(lib|server)\n- Only activate connections marked with autostart\n- Give hint in error message how to ignore warnings\n- Update README.md with updated installation and usage infos\n- Add support for Leap 15\n- Remove BuildRequires that are no longer necessary due to the agama-network switch.\n- The agama-network switch also removes the vulnerable and\n  unmaintained 'users' crate from the dependencies. (bsc#1244188)\n    \nChages for image-janitor:\n- Fix packaging (add doc, license)\n- Release 0.2.0 with configuration files packaged\n- Initial packag\n  ","id":"SUSE-RU-2025:4131-1","modified":"2025-11-18T15:56:53Z","published":"2025-11-18T15:56:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2025-4131/suse-ru-20254131-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133919"},{"type":"REPORT","url":"https://bugzilla.suse.com/1142108"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155192"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173532"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178737"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182520"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209304"},{"type":"REPORT","url":"https://bugzilla.suse.com/1209591"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211240"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219004"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244188"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246513"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248010"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248137"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250076"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250078"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-55159"}],"related":["CVE-2025-55159"],"summary":"Recommended update for suse-migration-sle16-activation, SLES16-Migration, SLES16-SAP_Migration, suse-migration-services, suse-migration-rpm, wicked2nm, image-janitor","upstream":["CVE-2025-55159"]}