Flannel, Netty, Clair, and more updates for SUSE Linux

SUSE 5506 Published by

Several security updates have been released for SUSE Linux, addressing vulnerabilities in various packages. These include important security updates for Flannel, Multi-Linux Manager Client Tools, Salt, Grafana, and PostgreSQL 15. Additionally, moderate security updates were made to netty-4.1.130, Clair, golang-github-prometheus-alertmanager, and Multi-Linux Manager 4.3 Release Notes.

openSUSE-SU-2025:0474-1: important: Security update for flannel
openSUSE-SU-2025:15824-1: moderate: netty-4.1.130-1.1 on GA media
openSUSE-SU-2025:15823-1: moderate: clair-4.9.0-1.1 on GA media
SUSE-SU-2025:4458-1: important: Security update 5.0.6 for Multi-Linux Manager Client Tools
SUSE-SU-2025:4475-1: important: Security update for salt
SUSE-SU-2025:4479-1: moderate: Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes
SUSE-SU-2025:4476-1: important: Security update for salt
SUSE-SU-2025:4477-1: important: Security update for salt
SUSE-SU-2025:4482-1: important: Security update for grafana
SUSE-SU-2025:4484-1: important: Security update for postgresql15
SUSE-SU-2025:4481-1: moderate: Security update for golang-github-prometheus-alertmanager




openSUSE-SU-2025:0474-1: important: Security update for flannel


openSUSE Security Update: Security update for flannel
_______________________________

Announcement ID: openSUSE-SU-2025:0474-1
Rating: important
References: #1218694 #1236522 #1240516
Cross-References: CVE-2019-14697 CVE-2023-45288 CVE-2025-30204

CVSS scores:
CVE-2023-45288 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-30204 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for flannel fixes the following issues:

- Update to version 0.27.4:
* Removed PodSecurityPolicy manifest creation
* Fix interface IP address detection in dual-stack mode
* Fix: recreate VXLAN device (flannel.*) when external interface is
deleted and re-added (#2247)
* golangci-lint: fix iptables_test
* firewall: add option to disable fully-random mode for MASQUERADE
* Bump the tencent group with 2 updates
* Bump github.com/coreos/go-systemd/v22 in the other-go-modules group
* Bump golang.org/x/sys in the other-go-modules group
* Bump the etcd group with 4 updates
* Bump etcd version in tests
* Stop using deprecated cache.NewIndexerInformer function
* Bump k8s test version
* Bump k8s deps to v0.31.11
* Bump the other-go-modules group with 2 updates
* helm chart: add nodeSelector in the helm chart
* Updated Alpine image
* Added flag to enable blackhole route locally for Canal
* Bump golang.org/x/sync in the other-go-modules group
* make enqueueLeaseEvent context aware and prevent dangling goroutines
when context is done - fixed a typo/build error
* make retry interval exp backoff
* cont_when_cache_not_ready configurable with fail by default * use
semaphore as opposed to raw signal channel
* Update pkg/subnet/kube/kube.go
* Fix deadlock in startup for large clusters
* enable setting resources in helm chart
* capture close() err on subnet file save (#2248)
* doc: document flag --iptables-forward-rules
* Bump netlink to v1.3.1
* fix: clean-up rules when starting instead of shutting down
* Bump k8s and sles test version
* Add modprobe br_netfilter step in test workflows
* test: don't run the workflows on "push" events
* Update to the latest flannel cni-plugins v1.7.1
* Move to go 1.23.6

- Update to version 0.26.6:
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
* Bump the etcd group with 4 updates
* Bump the tencent group with 2 updates
* Organize dependabot PR's more clearly by using groups
* Use peer's wireguard port, not our own
* Bump to codeql v3
* Pin all GHA to a specific SHA commit
* Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (fix
CVE-2025-30204, boo#1240516)
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
* Bump go.etcd.io/etcd/tests/v3 from 3.5.18 to 3.5.20
* add missing GH_TOKEN env var in release.yaml
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Upload chart archive with the release files
* make deps
* refactor release.yaml to reduce use of potentially vulnerable GH
Actions
* Bump golang.org/x/net from 0.34.0 to 0.36.0
* enable setting CNI directory paths in helm chart
* Added cni file configuration on the chart
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump github.com/avast/retry-go/v4 from 4.6.0 to 4.6.1

- Update to version 0.26.4:
* Moved to github container registry
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
* fix: Fix high CPU usage when losing etcd connection and try to
re-establish connection with exponential backoff
* Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
* Bump alpine from 20240923 to 20250108 in /images
* Bump golang.org/x/net from 0.31.0 to 0.33.0
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
* feat: add bool to control CNI config installation using Helm
* fix: add missing MY_NODE_NAME env in chart
* Bump k8s deps to 0.29.12
* Don't panic upon shutdown when running in standalone mode
* Bump golang.org/x/crypto from 0.29.0 to 0.31.0
* Bump alpine from 20240807 to 20240923 in /images
* Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
* Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
* Use the standard context library
* Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
* Updated flannel cni image to 1.6.0
* Updated CNI plugins version on the README
* Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
* Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
* Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
* Added check to not check br_filter in case of windows
* Bumo golangci-lint to latest version
* Bump to go 1.23
* Added checks for br_netfilter module
* Try not to cleanup multiple peers behind same PublicIP
* fix trivy check
* check that the lease includes an IP address of the requested family
before configuring the flannel interface
* Fixed IPv6 chosen in case of public-ipv6 configured
* add timeout to e2e test pipelines
* Update k8s version ine2e tests to v1.29.8
* Update netlink to v1.3.0
* Fixed values file on flannel chart
* Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
* Updated Flannel chart with Netpol containter and removed clustercidr
* Fix bug in hostgw-windows
* Fix bug in the logic polling the interface
* Added node-public-ip annotation
* Try several times to contact kube-api before failing
* Fixed IPv6 0 initialization
* wireguard backend: avoid error message if route already exists
* Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
* use wait.PollUntilContextTimeout instead of deprecated wait.Poll
* troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic
off` for NAT
* Added configuration for pulic-ip through node annotation
* extension/vxlan: remove arp commands from vxlan examples
* Refactor TrafficManager windows files to clarify logs
* Add persistent-mac option to v6 too
* fix comparison with previous networks in SetupAndEnsureMasqRules
* show content of stdout and stderr when running iptables-restore
returns an error
* Add extra check before contacting kube-api
* remove unimplemented error in windows trafficmngr
* remove --dirty flags in git describe
* Added leaseAttr string method with logs on VxLan
* remove multiClusterCidr related-code.
* Implement nftables masquerading for flannel
* fix: ipv6 iptables rules were created even when IPv6 was disabled
* Add tolerations to the flannel chart
* Added additional check for n.spec.podCIDRs
* Remove net-tools since it's an old package that we are not using
* fix iptables_windows.go
* Clean-up Makefile and use docker buildx locally
* Use manual test to ensure iptables-* binaries are present
* Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
* Bump github.com/joho/godotenv
* SubnetManager should use the main context
* Simplify TrafficManager interface
* refactor iptables package to prepare for nftables-based implementation

- Update to version 0.24.2:
* Prepare for v0.24.2 release
* Increase the time out for interface checking in windows
* Prepare for v0.24.1 release
* Provide support to select the interface in Windows
* Improve the log from powershell
* Wait all the jobs to finish before deploy the github-page
* remove remaining references to mips64le
* add multi-arch dockerfile
* add missing riscv64 in docker manifest create step
* prepare for v0.24.0 release
* Bump golang.org/x/crypto from 0.15.0 to 0.17.0
* Add the VNI to the error message in Windows
* chart: add possibility for defining image pull secrets in daemonset
* Remove multiclustercidr logic from code
* Update opentelemetry dependencies
* Bump
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

* Add riscv64 arch in GH actions
* vxlan vni should not be type uint16
* Quote wireguard psk in helm chart
* add riscv64 support

- Update to 0.14.0:
* Add tencent cloud VPC network support
* moving go modules to flannel-io/flannel and updating to go 1.16
* fix(windows): nil pointer panic
* Preserve environment for extension backend
* Fix flannel hang if lease expired
* Documentation for the Flannel upgrade/downgrade procedure
* Move from glog to klog
* fix(host-gw): failed to restart if gateway hnsep existed
* ipsec: use well known paths of charon daemon
* upgrade client-go to 1.19.4
* move from juju/errors to pkg/errors
* subnets: move forward the cursor to skip illegal subnet
* Fix Expired URL to Deploying Flannel with kubeadm
* Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
* preserve AccessKey & AccessKeySecret environment on sudo fix some typo
in doc.
* iptables: handle errors that prevent rule deletes

- update to 0.13.0:
* Use multi-arch Docker images in the Kubernetes manifest
* Accept existing XMRF policies and update them intead of raising errors
* Add --no-sanity-check to iptables-wrapper-installer.sh for
architectures other than amd64
* Use "docker manifest" to publish multi-arch Docker images
* Add NET_RAW capability to support cri-o
* remove glide
* switch to go modules
* Add and implement iptables-wrapper-installer.sh from
https://github.com/kubernetes-sigs/iptables-wrappers
* documentation: set priorityClassName to system-node-critical
* Added a hint for firewall rules
* Disabling ipv6 accept_ra explicitely on the created interface
* use alpine 3.12 everywhere
* windows: replace old netsh (rakelkar/gonetsh) with powershell commands
* fix CVE-2019-14697
* Bugfix: VtepMac would be empty when lease re-acquire for windows
* Use stable os and arch label for node
* doc(awsvpc): correct the required permissions

- update to 0.12.0:
* fix deleteLease
* Use publicIP lookup iface if --public-ip indicated
* kubernetes 1.16 cni error
* Add cniVersion to general CNI plugin configuration.
* Needs to clear NodeNetworkUnavailable flag on Kubernetes
* Replaces gorillalabs go-powershell with bhendo/go-powershell
* Make VXLAN device learning attribute configurable
* change nodeSelector to nodeAffinity and schedule the pod to linux node
* This PR adds the cni version to the cni-conf.yaml inside the
kube-flannel-cfg configmap
* EnableNonPersistent flag for Windows Overlay networks
* snap package.
* Update lease with DR Mac
* main.go: add the "net-config-path" flag
* Deploy Flannel with unprivileged PSP
* Enable local host to local pod connectivity in Windows VXLAN
* Update hcsshim for HostRoute policy in Windows VXLAN

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-474=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

flannel-0.27.4-bp157.2.3.1

- openSUSE Backports SLE-15-SP7 (noarch):

flannel-k8s-yaml-0.27.4-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2019-14697.html
https://www.suse.com/security/cve/CVE-2023-45288.html
https://www.suse.com/security/cve/CVE-2025-30204.html
https://bugzilla.suse.com/1218694
https://bugzilla.suse.com/1236522
https://bugzilla.suse.com/1240516



openSUSE-SU-2025:15824-1: moderate: netty-4.1.130-1.1 on GA media


# netty-4.1.130-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15824-1
Rating: moderate

Cross-References:

* CVE-2025-67735

CVSS scores:

* CVE-2025-67735 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-67735 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the netty-4.1.130-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* netty 4.1.130-1.1
* netty-bom 4.1.130-1.1
* netty-javadoc 4.1.130-1.1
* netty-parent 4.1.130-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67735.html



openSUSE-SU-2025:15823-1: moderate: clair-4.9.0-1.1 on GA media


# clair-4.9.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15823-1
Rating: moderate

Cross-References:

* CVE-2025-47907

CVSS scores:

* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the clair-4.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* clair 4.9.0-1.1
* clairctl 4.9.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47907.html



SUSE-SU-2025:4458-1: important: Security update 5.0.6 for Multi-Linux Manager Client Tools


# Security update 5.0.6 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2025:4458-1
Release Date: 2025-12-18T11:57:41Z
Rating: important
References:

* bsc#1227577
* bsc#1227579
* bsc#1237495
* bsc#1243611
* bsc#1243704
* bsc#1244027
* bsc#1244127
* bsc#1244534
* bsc#1245099
* bsc#1245302
* bsc#1246068
* bsc#1246320
* bsc#1246553
* bsc#1246586
* bsc#1246662
* bsc#1246735
* bsc#1246736
* bsc#1246738
* bsc#1246789
* bsc#1246882
* bsc#1246906
* bsc#1246925
* bsc#1247688
* bsc#1247721
* bsc#1250616
* bsc#1251044
* bsc#1251138
* bsc#1252100
* jsc#MSQA-1034

Cross-References:

* CVE-2025-11065
* CVE-2025-3415
* CVE-2025-6023
* CVE-2025-6197

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-3415 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-6023 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-6023 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-6023 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-6197 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-6197 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-6197 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5

An update that solves four vulnerabilities, contains one feature and has 24
security fixes can now be installed.

## Description:

This update fixes the following issues:

dracut-saltboot:

* Update to version 1.0.0
* Reboot on salt key timeout (bsc#1237495)
* Fixed parsing files with space in the name (bsc#1252100)

grafana was updated from version 11.5.5 to 11.5.10:

* Security issues fixed:

* CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)

* CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
* CVE-2025-64751: Drop experimental implementation of authorization Zanzana
server/client (bsc#1254113)
* CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9)
(bsc#1250616)
* CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version
11.5.7) (bsc#1246735)
* CVE-2025-6197: Fixed open redirect in organization switching (version
11.5.7) (bsc#1246736)
* CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer
level users (version 11.5.6) (bsc#1245302)

* Other changes, new features and bugs fixed:

* Version 11.5.10:

* Update to Go 1.25
* Update to golang.org/x/net v0.45.0
* Auth: Fix render user OAuth passthrough
* LDAP Authentication: Fix URL to propagate username context as parameter
* Version 11.5.9:

* Auditing: Document new options for recording datasource query request/response body.
* Login: Fixed redirection after login when Grafana is served from subpath.
* Version 11.5.7:

* Azure: Fixed legend formatting and resource name determination in template variable queries.

mgr-push:

* Version 5.0.3-0
* Fixed syntax error in changelog

rhnlib:

* Version 5.0.6-0
* Use more secure defusedxml parser (bsc#1227577)

spacecmd:

* Version 5.0.14-0
* Fixed installation of python lib files on Ubuntu 24.04 (bsc#1246586)
* Use JSON instead of pickle for spacecmd cache (bsc#1227579)
* Make spacecmd to work with Python 3.12 and higher
* Call print statements properly in Python 3

uyuni-tools:

* Version 0.1.37-0
* Handle CA files with symlinks during migration (bsc#1251044)
* Add a lowercase version of --logLevel (bsc#1243611)
* Adjust traefik exposed configuration for chart v27+ (bsc#1247721)
* Stop executing scripts in temporary folder (bsc#1243704)
* Convert the traefik install time to local time (bsc#1251138)
* Run smdba and reindex only during migration (bsc#1244534)
* Support config: collect podman inspect for hub container (bsc#1245099)
* Add --registry-host, --registry-user and --registry-password to pull images
from an authenticate registry
* Deprecate --registry
* Use new dedicated path for Cobbler settings (bsc#1244027)
* Migrate custom auto installation snippets (bsc#1246320)
* Add SLE15SP7 to buildin productmap
* Fix loading product map from mgradm configuration file (bsc#1246068)
* Fix channel override for distro copy
* Do not use sudo when running as a root user (bsc#1246882)
* Do not require backups to be at the same location for restoring
(bsc#1246906)
* Check for restorecon presence before calling (bsc#1246925)
* Automatically get up-to-date systemid file on salt based proxy hosts
(bsc#1246789)
* Fix recomputing proxy images when installing a ptf or test (bsc#1246553)
* Add migration for server monitoring configuration (bsc#1247688)
* Version 0.1.36-0
* Bump the default image tag
* Version 0.1.35-0
* Restore SELinux contexts for restored backup volumes (bsc#1244127)
* Version 0.1.34-0
* Fix mgradm backup create handling of images and systemd files (bsc#1246738)
* Version 0.1.33-0
* Restore volumes using tar instead of podman import (bsc#1244127)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-4458=1

* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2025-4458=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4458=1

## Package List:

* SUSE Manager Client Tools for SLE 15 (noarch)
* supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1
* mgrctl-zsh-completion-0.1.37-150000.1.27.1
* python3-rhnlib-5.0.6-150000.3.49.1
* mgrctl-bash-completion-0.1.37-150000.1.27.1
* dracut-saltboot-1.0.0-150000.1.62.1
* mgrctl-lang-0.1.37-150000.1.27.1
* python3-mgr-push-5.0.3-150000.1.30.1
* mgr-push-5.0.3-150000.1.30.1
* spacecmd-5.0.14-150000.3.139.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* mgrctl-debuginfo-0.1.37-150000.1.27.1
* grafana-debuginfo-11.5.10-150000.1.87.1
* mgrctl-0.1.37-150000.1.27.1
* grafana-11.5.10-150000.1.87.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* mgrctl-lang-0.1.37-150000.1.27.1
* mgrctl-bash-completion-0.1.37-150000.1.27.1
* dracut-saltboot-1.0.0-150000.1.62.1
* mgrctl-zsh-completion-0.1.37-150000.1.27.1
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
* mgrctl-0.1.37-150000.1.27.1
* mgrctl-debuginfo-0.1.37-150000.1.27.1
* openSUSE Leap 15.6 (noarch)
* supportutils-plugin-susemanager-client-5.0.5-150000.3.30.1
* dracut-saltboot-1.0.0-150000.1.62.1
* spacecmd-5.0.14-150000.3.139.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-3415.html
* https://www.suse.com/security/cve/CVE-2025-6023.html
* https://www.suse.com/security/cve/CVE-2025-6197.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227577
* https://bugzilla.suse.com/show_bug.cgi?id=1227579
* https://bugzilla.suse.com/show_bug.cgi?id=1237495
* https://bugzilla.suse.com/show_bug.cgi?id=1243611
* https://bugzilla.suse.com/show_bug.cgi?id=1243704
* https://bugzilla.suse.com/show_bug.cgi?id=1244027
* https://bugzilla.suse.com/show_bug.cgi?id=1244127
* https://bugzilla.suse.com/show_bug.cgi?id=1244534
* https://bugzilla.suse.com/show_bug.cgi?id=1245099
* https://bugzilla.suse.com/show_bug.cgi?id=1245302
* https://bugzilla.suse.com/show_bug.cgi?id=1246068
* https://bugzilla.suse.com/show_bug.cgi?id=1246320
* https://bugzilla.suse.com/show_bug.cgi?id=1246553
* https://bugzilla.suse.com/show_bug.cgi?id=1246586
* https://bugzilla.suse.com/show_bug.cgi?id=1246662
* https://bugzilla.suse.com/show_bug.cgi?id=1246735
* https://bugzilla.suse.com/show_bug.cgi?id=1246736
* https://bugzilla.suse.com/show_bug.cgi?id=1246738
* https://bugzilla.suse.com/show_bug.cgi?id=1246789
* https://bugzilla.suse.com/show_bug.cgi?id=1246882
* https://bugzilla.suse.com/show_bug.cgi?id=1246906
* https://bugzilla.suse.com/show_bug.cgi?id=1246925
* https://bugzilla.suse.com/show_bug.cgi?id=1247688
* https://bugzilla.suse.com/show_bug.cgi?id=1247721
* https://bugzilla.suse.com/show_bug.cgi?id=1250616
* https://bugzilla.suse.com/show_bug.cgi?id=1251044
* https://bugzilla.suse.com/show_bug.cgi?id=1251138
* https://bugzilla.suse.com/show_bug.cgi?id=1252100
* https://jira.suse.com/browse/MSQA-1034



SUSE-SU-2025:4475-1: important: Security update for salt


# Security update for salt

Announcement ID: SUSE-SU-2025:4475-1
Release Date: 2025-12-18T12:08:22Z
Rating: important
References:

* bsc#1227207
* bsc#1250520
* bsc#1250755
* bsc#1251776
* bsc#1252244
* bsc#1252285
* bsc#1254256
* bsc#1254257
* jsc#MSQA-1034

Cross-References:

* CVE-2025-62348
* CVE-2025-62349

CVSS scores:

* CVE-2025-62348 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62349 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves two vulnerabilities, contains one feature and has six
security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

* Security issues fixed:

* CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)

* CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
* Backport security fixes for vendored tornado

* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
* Other changes and bugs fixed:

* Fixed TLS and x509 modules for OSes with older cryptography module

* Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
* Fixed payload signature verification on Tumbleweed (bsc#1251776)
* Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
* Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
* Improved SL Micro 6.2 detection with grains
* Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
* Set python-CherryPy as required for python-salt-testsuite

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-4475=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4475=1

* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4475=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4475=1

* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-4475=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4475=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-4475=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python3-salt-testsuite-3006.0-150300.53.101.1
* salt-master-3006.0-150300.53.101.1
* salt-transactional-update-3006.0-150300.53.101.1
* salt-ssh-3006.0-150300.53.101.1
* salt-standalone-formulas-configuration-3006.0-150300.53.101.1
* salt-proxy-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* salt-syndic-3006.0-150300.53.101.1
* salt-doc-3006.0-150300.53.101.1
* salt-minion-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* salt-cloud-3006.0-150300.53.101.1
* salt-api-3006.0-150300.53.101.1
* openSUSE Leap 15.3 (noarch)
* salt-fish-completion-3006.0-150300.53.101.1
* salt-bash-completion-3006.0-150300.53.101.1
* salt-zsh-completion-3006.0-150300.53.101.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* salt-master-3006.0-150300.53.101.1
* salt-ssh-3006.0-150300.53.101.1
* salt-standalone-formulas-configuration-3006.0-150300.53.101.1
* salt-proxy-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* salt-syndic-3006.0-150300.53.101.1
* salt-doc-3006.0-150300.53.101.1
* salt-minion-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* salt-cloud-3006.0-150300.53.101.1
* salt-api-3006.0-150300.53.101.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* salt-fish-completion-3006.0-150300.53.101.1
* salt-bash-completion-3006.0-150300.53.101.1
* salt-zsh-completion-3006.0-150300.53.101.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* salt-master-3006.0-150300.53.101.1
* salt-transactional-update-3006.0-150300.53.101.1
* salt-ssh-3006.0-150300.53.101.1
* salt-standalone-formulas-configuration-3006.0-150300.53.101.1
* salt-proxy-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* salt-syndic-3006.0-150300.53.101.1
* salt-doc-3006.0-150300.53.101.1
* salt-minion-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* salt-cloud-3006.0-150300.53.101.1
* salt-api-3006.0-150300.53.101.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* salt-fish-completion-3006.0-150300.53.101.1
* salt-bash-completion-3006.0-150300.53.101.1
* salt-zsh-completion-3006.0-150300.53.101.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* salt-master-3006.0-150300.53.101.1
* salt-ssh-3006.0-150300.53.101.1
* salt-standalone-formulas-configuration-3006.0-150300.53.101.1
* salt-proxy-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* salt-syndic-3006.0-150300.53.101.1
* salt-doc-3006.0-150300.53.101.1
* salt-minion-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* salt-cloud-3006.0-150300.53.101.1
* salt-api-3006.0-150300.53.101.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* salt-fish-completion-3006.0-150300.53.101.1
* salt-bash-completion-3006.0-150300.53.101.1
* salt-zsh-completion-3006.0-150300.53.101.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* salt-master-3006.0-150300.53.101.1
* salt-transactional-update-3006.0-150300.53.101.1
* salt-ssh-3006.0-150300.53.101.1
* salt-standalone-formulas-configuration-3006.0-150300.53.101.1
* salt-proxy-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* salt-syndic-3006.0-150300.53.101.1
* salt-doc-3006.0-150300.53.101.1
* salt-minion-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* salt-cloud-3006.0-150300.53.101.1
* salt-api-3006.0-150300.53.101.1
* SUSE Enterprise Storage 7.1 (noarch)
* salt-fish-completion-3006.0-150300.53.101.1
* salt-bash-completion-3006.0-150300.53.101.1
* salt-zsh-completion-3006.0-150300.53.101.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* salt-minion-3006.0-150300.53.101.1
* salt-transactional-update-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* salt-minion-3006.0-150300.53.101.1
* salt-transactional-update-3006.0-150300.53.101.1
* salt-3006.0-150300.53.101.1
* python3-salt-3006.0-150300.53.101.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62348.html
* https://www.suse.com/security/cve/CVE-2025-62349.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227207
* https://bugzilla.suse.com/show_bug.cgi?id=1250520
* https://bugzilla.suse.com/show_bug.cgi?id=1250755
* https://bugzilla.suse.com/show_bug.cgi?id=1251776
* https://bugzilla.suse.com/show_bug.cgi?id=1252244
* https://bugzilla.suse.com/show_bug.cgi?id=1252285
* https://bugzilla.suse.com/show_bug.cgi?id=1254256
* https://bugzilla.suse.com/show_bug.cgi?id=1254257
* https://jira.suse.com/browse/MSQA-1034



SUSE-SU-2025:4479-1: moderate: Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes


# Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Announcement ID: SUSE-SU-2025:4479-1
Release Date: 2025-12-18T12:15:07Z
Rating: moderate
References:

* bsc#1237060
* bsc#1241455
* bsc#1250911
* bsc#1251864
* bsc#1253024
* jsc#MSQA-1039

Cross-References:

* CVE-2025-11065
* CVE-2025-47911
* CVE-2025-58190
* CVE-2025-62348
* CVE-2025-62349
* CVE-2025-64751

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-47911 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62348 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62349 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-64751 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2025-64751 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-64751 ( NVD ): 5.8
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves six vulnerabilities and contains one feature can now be
installed.

## Recommended update 4.3.16.2 Unscheduled for Multi-Linux Manager Proxy and
Retail Branch Server LTS

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

* Update to SUSE Manager 4.3.16.2

## Security update 4.3.16.2 for Multi-Linux Manager Server LTS

### Description:

This update fixes the following issues:

release-notes-susemanager:

* Update to SUSE Manager 4.3.16.2
* SUSE Linux Enterprise Server 15 SP6 LTSS channels enabled
* CVEs Fixed: CVE-2025-11065, CVE-2025-64751, CCVE-2025-47911, CVE-2025-58190
CVE-2025-62349, CVE-2025-62348
* Bugs mentioned: bsc#1237060, bsc#1241455, bsc#1250911, bsc#1251864,
bsc#1253024

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4479=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4479=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4479=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-4479=1

## Package List:

* SUSE Manager Server 4.3 LTS (noarch)
* release-notes-susemanager-4.3.16.2-150400.3.148.1
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2
* release-notes-susemanager-4.3.16.2-150400.3.148.1
* SUSE Manager Proxy 4.3 LTS (noarch)
* release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
* release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2

## References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2025-62348.html
* https://www.suse.com/security/cve/CVE-2025-62349.html
* https://www.suse.com/security/cve/CVE-2025-64751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1237060
* https://bugzilla.suse.com/show_bug.cgi?id=1241455
* https://bugzilla.suse.com/show_bug.cgi?id=1250911
* https://bugzilla.suse.com/show_bug.cgi?id=1251864
* https://bugzilla.suse.com/show_bug.cgi?id=1253024
* https://jira.suse.com/browse/MSQA-1039



SUSE-SU-2025:4476-1: important: Security update for salt


# Security update for salt

Announcement ID: SUSE-SU-2025:4476-1
Release Date: 2025-12-18T12:08:59Z
Rating: important
References:

* bsc#1227207
* bsc#1250520
* bsc#1250755
* bsc#1251776
* bsc#1252244
* bsc#1252285
* bsc#1254256
* bsc#1254257
* jsc#MSQA-1034

Cross-References:

* CVE-2025-62348
* CVE-2025-62349

CVSS scores:

* CVE-2025-62348 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62349 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Retail Branch Server 4.3 LTS
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 LTS

An update that solves two vulnerabilities, contains one feature and has six
security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

* Security issues fixed:

* CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)

* CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
* Backport security fixes for vendored tornado

* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
* Other changes and bugs fixed:

* Fixed TLS and x509 modules for OSes with older cryptography module

* Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
* Fixed payload signature verification on Tumbleweed (bsc#1251776)
* Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
* Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
* Improved SL Micro 6.2 detection with grains
* Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
* Set python-CherryPy as required for python-salt-testsuite

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4476=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-4476=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4476=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-4476=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4476=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4476=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4476=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4476=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4476=1

* SUSE Manager Retail Branch Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-LTS-2025-4476=1

* SUSE Manager Server 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-4476=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-4476=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* python311-salt-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* python311-salt-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* python311-salt-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* python311-salt-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Manager Proxy 4.3 LTS (x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Manager Proxy 4.3 LTS (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Manager Retail Branch Server 4.3 LTS (x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Manager Retail Branch Server 4.3 LTS (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* SUSE Manager Server 4.3 LTS (ppc64le s390x x86_64)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* SUSE Manager Server 4.3 LTS (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-master-3006.0-150400.8.91.1
* salt-ssh-3006.0-150400.8.91.1
* salt-standalone-formulas-configuration-3006.0-150400.8.91.1
* salt-doc-3006.0-150400.8.91.1
* salt-3006.0-150400.8.91.1
* python3-salt-3006.0-150400.8.91.1
* salt-cloud-3006.0-150400.8.91.1
* salt-minion-3006.0-150400.8.91.1
* salt-syndic-3006.0-150400.8.91.1
* salt-proxy-3006.0-150400.8.91.1
* salt-transactional-update-3006.0-150400.8.91.1
* python311-salt-testsuite-3006.0-150400.8.91.1
* python311-salt-3006.0-150400.8.91.1
* salt-api-3006.0-150400.8.91.1
* python3-salt-testsuite-3006.0-150400.8.91.1
* openSUSE Leap 15.4 (noarch)
* salt-fish-completion-3006.0-150400.8.91.1
* salt-bash-completion-3006.0-150400.8.91.1
* salt-zsh-completion-3006.0-150400.8.91.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62348.html
* https://www.suse.com/security/cve/CVE-2025-62349.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227207
* https://bugzilla.suse.com/show_bug.cgi?id=1250520
* https://bugzilla.suse.com/show_bug.cgi?id=1250755
* https://bugzilla.suse.com/show_bug.cgi?id=1251776
* https://bugzilla.suse.com/show_bug.cgi?id=1252244
* https://bugzilla.suse.com/show_bug.cgi?id=1252285
* https://bugzilla.suse.com/show_bug.cgi?id=1254256
* https://bugzilla.suse.com/show_bug.cgi?id=1254257
* https://jira.suse.com/browse/MSQA-1034



SUSE-SU-2025:4477-1: important: Security update for salt


# Security update for salt

Announcement ID: SUSE-SU-2025:4477-1
Release Date: 2025-12-18T12:10:19Z
Rating: important
References:

* bsc#1227207
* bsc#1250520
* bsc#1250755
* bsc#1251776
* bsc#1252244
* bsc#1252285
* bsc#1254256
* bsc#1254257
* jsc#MSQA-1034

Cross-References:

* CVE-2025-62348
* CVE-2025-62349

CVSS scores:

* CVE-2025-62348 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-62349 ( SUSE ): 7.5
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* Systems Management Module 15-SP6
* Transactional Server Module 15-SP6

An update that solves two vulnerabilities, contains one feature and has six
security fixes can now be installed.

## Description:

This update for salt fixes the following issues:

* Security issues fixed:

* CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)

* CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
* Backport security fixes for vendored tornado

* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
* Other changes and bugs fixed:

* Fixed TLS and x509 modules for OSes with older cryptography module

* Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
* Fixed payload signature verification on Tumbleweed (bsc#1251776)
* Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
* Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
* Improved SL Micro 6.2 detection with grains
* Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
* Set python-CherryPy as required for python-salt-testsuite

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-4477=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4477=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-4477=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-4477=1

* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-4477=1

* Systems Management Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Systems-Management-15-SP6-2025-4477=1

* Transactional Server Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP6-2025-4477=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4477=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4477=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4477=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4477=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* python311-salt-testsuite-3006.0-150500.4.65.1
* salt-transactional-update-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* python3-salt-testsuite-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* openSUSE Leap 15.5 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-transactional-update-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* python3-salt-testsuite-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* openSUSE Leap 15.6 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-transactional-update-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* Basesystem Module 15-SP6 (noarch)
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* Server Applications Module 15-SP6 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* Systems Management Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-salt-3006.0-150500.4.65.1
* Transactional Server Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.65.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* salt-minion-3006.0-150500.4.65.1
* salt-doc-3006.0-150500.4.65.1
* python311-salt-3006.0-150500.4.65.1
* salt-standalone-formulas-configuration-3006.0-150500.4.65.1
* salt-cloud-3006.0-150500.4.65.1
* salt-ssh-3006.0-150500.4.65.1
* salt-master-3006.0-150500.4.65.1
* salt-proxy-3006.0-150500.4.65.1
* salt-syndic-3006.0-150500.4.65.1
* python3-salt-3006.0-150500.4.65.1
* salt-3006.0-150500.4.65.1
* salt-api-3006.0-150500.4.65.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.65.1
* salt-bash-completion-3006.0-150500.4.65.1
* salt-zsh-completion-3006.0-150500.4.65.1

## References:

* https://www.suse.com/security/cve/CVE-2025-62348.html
* https://www.suse.com/security/cve/CVE-2025-62349.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227207
* https://bugzilla.suse.com/show_bug.cgi?id=1250520
* https://bugzilla.suse.com/show_bug.cgi?id=1250755
* https://bugzilla.suse.com/show_bug.cgi?id=1251776
* https://bugzilla.suse.com/show_bug.cgi?id=1252244
* https://bugzilla.suse.com/show_bug.cgi?id=1252285
* https://bugzilla.suse.com/show_bug.cgi?id=1254256
* https://bugzilla.suse.com/show_bug.cgi?id=1254257
* https://jira.suse.com/browse/MSQA-1034



SUSE-SU-2025:4482-1: important: Security update for grafana


# Security update for grafana

Announcement ID: SUSE-SU-2025:4482-1
Release Date: 2025-12-18T12:22:32Z
Rating: important
References:

* bsc#1245302
* bsc#1246735
* bsc#1246736
* bsc#1250616
* bsc#1251454
* bsc#1251657
* bsc#1254113
* jsc#MSQA-1034
* jsc#PED-14178

Cross-References:

* CVE-2025-11065
* CVE-2025-3415
* CVE-2025-47911
* CVE-2025-58190
* CVE-2025-6023
* CVE-2025-6197
* CVE-2025-64751

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-3415 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47911 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-6023 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-6023 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-6023 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-6197 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-6197 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-6197 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-64751 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2025-64751 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-64751 ( NVD ): 5.8
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves seven vulnerabilities and contains two features can now be
installed.

## Description:

This update for grafana fixes the following issues:

grafana was updated from version 11.5.5 to 11.5.10:

* Security issues fixed:

* CVE-2025-64751: Dropped experimental implementation of authorization Zanzana
server/client (version 11.5.10) (bsc#1254113)

* CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454)
* CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10)
(bsc#1251657)
* CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9)
(bsc#1250616)
* CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version
11.5.7) (bsc#1246735)
* CVE-2025-6197: Fixed open redirect in organization switching (version
11.5.7) (bsc#1246736)
* CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer
level users (version 11.5.6) (bsc#1245302)

* Other changes, new features and bugs fixed:

* Version 11.5.10:

* Use forked wire from Grafana repository instead of external package (jsc#PED-14178)
* Auth: Fix render user OAuth passthrough.
* LDAP Authentication: Fix URL to propagate username context as parameter.
* Plugins: Dependencies do not inherit parent URL for preinstall.
* Version 11.5.9:

* Auditing: Document new options for recording datasource query request/response body.
* Login: Fixed redirection after login when Grafana is served from subpath.
* Version 11.5.7:

* Azure: Fixed legend formatting and resource name determination in template variable queries.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4482=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4482=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4482=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-11.5.10-150200.3.80.1
* grafana-11.5.10-150200.3.80.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-11.5.10-150200.3.80.1
* grafana-11.5.10-150200.3.80.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-11.5.10-150200.3.80.1
* grafana-11.5.10-150200.3.80.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-3415.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2025-6023.html
* https://www.suse.com/security/cve/CVE-2025-6197.html
* https://www.suse.com/security/cve/CVE-2025-64751.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245302
* https://bugzilla.suse.com/show_bug.cgi?id=1246735
* https://bugzilla.suse.com/show_bug.cgi?id=1246736
* https://bugzilla.suse.com/show_bug.cgi?id=1250616
* https://bugzilla.suse.com/show_bug.cgi?id=1251454
* https://bugzilla.suse.com/show_bug.cgi?id=1251657
* https://bugzilla.suse.com/show_bug.cgi?id=1254113
* https://jira.suse.com/browse/MSQA-1034
* https://jira.suse.com/browse/PED-14178



SUSE-SU-2025:4484-1: important: Security update for postgresql15


# Security update for postgresql15

Announcement ID: SUSE-SU-2025:4484-1
Release Date: 2025-12-18T14:40:12Z
Rating: important
References:

* bsc#1253332
* bsc#1253333

Cross-References:

* CVE-2025-12817
* CVE-2025-12818

CVSS scores:

* CVE-2025-12817 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-12818 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 15-SP6
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for postgresql15 fixes the following issues:

Upgraded to 15.15:

* CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in
CREATE STATISTICS (bsc#1253332)
* CVE-2025-12818: Fixed integer overflow in allocation-size calculations
within libpq (bsc#1253333)

Other fixes:

* Use %product_libs_llvm_ver to determine the LLVM version.
* Remove conditionals for obsolete PostgreSQL releases.
* Sync spec file from version 18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4484=1 SUSE-2025-4484=1

* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2025-4484=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2025-4484=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql15-plpython-15.15-150600.16.23.1
* postgresql15-contrib-debuginfo-15.15-150600.16.23.1
* postgresql15-debuginfo-15.15-150600.16.23.1
* postgresql15-server-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-debugsource-15.15-150600.16.23.1
* postgresql15-pltcl-15.15-150600.16.23.1
* postgresql15-test-15.15-150600.16.23.1
* postgresql15-devel-15.15-150600.16.23.1
* postgresql15-plperl-15.15-150600.16.23.1
* postgresql15-llvmjit-debuginfo-15.15-150600.16.23.1
* postgresql15-pltcl-debuginfo-15.15-150600.16.23.1
* postgresql15-llvmjit-devel-15.15-150600.16.23.1
* postgresql15-plpython-debuginfo-15.15-150600.16.23.1
* postgresql15-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-plperl-debuginfo-15.15-150600.16.23.1
* postgresql15-llvmjit-15.15-150600.16.23.1
* postgresql15-server-15.15-150600.16.23.1
* postgresql15-server-debuginfo-15.15-150600.16.23.1
* postgresql15-server-devel-15.15-150600.16.23.1
* postgresql15-15.15-150600.16.23.1
* postgresql15-contrib-15.15-150600.16.23.1
* openSUSE Leap 15.6 (noarch)
* postgresql15-docs-15.15-150600.16.23.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* postgresql15-pltcl-debuginfo-15.15-150600.16.23.1
* postgresql15-server-debuginfo-15.15-150600.16.23.1
* postgresql15-plpython-15.15-150600.16.23.1
* postgresql15-plperl-15.15-150600.16.23.1
* postgresql15-plpython-debuginfo-15.15-150600.16.23.1
* postgresql15-15.15-150600.16.23.1
* postgresql15-pltcl-15.15-150600.16.23.1
* postgresql15-server-devel-15.15-150600.16.23.1
* postgresql15-contrib-debuginfo-15.15-150600.16.23.1
* postgresql15-devel-15.15-150600.16.23.1
* postgresql15-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-server-15.15-150600.16.23.1
* postgresql15-plperl-debuginfo-15.15-150600.16.23.1
* postgresql15-contrib-15.15-150600.16.23.1
* postgresql15-debuginfo-15.15-150600.16.23.1
* postgresql15-server-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-debugsource-15.15-150600.16.23.1
* Legacy Module 15-SP6 (noarch)
* postgresql15-docs-15.15-150600.16.23.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql15-pltcl-debuginfo-15.15-150600.16.23.1
* postgresql15-server-debuginfo-15.15-150600.16.23.1
* postgresql15-plpython-15.15-150600.16.23.1
* postgresql15-plperl-15.15-150600.16.23.1
* postgresql15-plpython-debuginfo-15.15-150600.16.23.1
* postgresql15-15.15-150600.16.23.1
* postgresql15-pltcl-15.15-150600.16.23.1
* postgresql15-server-devel-15.15-150600.16.23.1
* postgresql15-contrib-debuginfo-15.15-150600.16.23.1
* postgresql15-devel-15.15-150600.16.23.1
* postgresql15-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-server-15.15-150600.16.23.1
* postgresql15-plperl-debuginfo-15.15-150600.16.23.1
* postgresql15-contrib-15.15-150600.16.23.1
* postgresql15-debuginfo-15.15-150600.16.23.1
* postgresql15-server-devel-debuginfo-15.15-150600.16.23.1
* postgresql15-debugsource-15.15-150600.16.23.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12817.html
* https://www.suse.com/security/cve/CVE-2025-12818.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253332
* https://bugzilla.suse.com/show_bug.cgi?id=1253333



SUSE-SU-2025:4481-1: moderate: Security update for golang-github-prometheus-alertmanager


# Security update for golang-github-prometheus-alertmanager

Announcement ID: SUSE-SU-2025:4481-1
Release Date: 2025-12-18T12:19:03Z
Rating: moderate
References:

* bsc#1247748
* jsc#MSQA-1034
* jsc#PED-13285

Cross-References:

* CVE-2025-47908

CVSS scores:

* CVE-2025-47908 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47908 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 LTS
* SUSE Manager Retail Branch Server 4.3
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability and contains two features can now be
installed.

## Description:

This update for golang-github-prometheus-alertmanager fixes the following
issues:

* Update to version 0.28.1 (jsc#PED-13285):
* Improved performance of inhibition rules when using Equal labels.
* Improve the documentation on escaping in UTF-8 matchers.
* Update alertmanager_config_hash metric help to document the hash is not
cryptographically strong.
* Fix panic in amtool when using --verbose.
* Fix templating of channel field for Rocket.Chat.
* Fix rocketchat_configs written as rocket_configs in docs.
* Fix usage for --enable-feature flag.
* Trim whitespace from OpsGenie API Key.
* Fix Jira project template not rendered when searching for existing issues.
* Fix subtle bug in JSON/YAML encoding of inhibition rules that would cause
Equal labels to be omitted.
* Fix header for slack_configs in docs.
* Fix weight and wrap of Microsoft Teams notifications.
* Upgrade to version 0.28.0:
* CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).
* Templating errors in the SNS integration now return an error.
* Adopt log/slog, drop go-kit/log.
* Add a new Microsoft Teams integration based on Flows.
* Add a new Rocket.Chat integration.
* Add a new Jira integration.
* Add support for GOMEMLIMIT, enable it via the feature flag \--enable-
feature=auto-gomemlimit.
* Add support for GOMAXPROCS, enable it via the feature flag \--enable-
feature=auto-gomaxprocs.
* Add support for limits of silences including the maximum number of active
and pending silences, and the maximum size per silence (in bytes). You can
use the flags \--silences.max-silences and --silences.max-silence-size-bytes
to set them accordingly.
* Muted alerts now show whether they are suppressed or not in both the
/api/v2/alerts endpoint and the Alertmanager UI.
* Upgrade to version 0.27.0:
* API: Removal of all api/v1/ endpoints. These endpoints now log and return a
deprecation message and respond with a status code of 410.
* UTF-8 Support: Introduction of support for any UTF-8 character as part of
label names and matchers.
* Discord Integration: Enforce max length in message.
* Metrics: Introduced the experimental feature flag \--enable-
feature=receiver-name-in-metrics to include the receiver name.
* Metrics: Introduced a new gauge named alertmanager_inhibition_rules that
counts the number of configured inhibition rules.
* Metrics: Introduced a new counter named alertmanager_alerts_supressed_total
that tracks muted alerts, it contains a reason label to indicate the source
of the mute.
* Discord Integration: Introduced support for webhook_url_file.
* Microsoft Teams Integration: Introduced support for webhook_url_file.
* Microsoft Teams Integration: Add support for summary.
* Metrics: Notification metrics now support two new values for the label
reason, contextCanceled and contextDeadlineExceeded.
* Email Integration: Contents of auth_password_file are now trimmed of
prefixed and suffixed whitespace.
* amtool: Fixes the error scheme required for webhook url when using amtool
with --alertmanager.url.
* Mixin: Fix AlertmanagerFailedToSendAlerts,
AlertmanagerClusterFailedToSendAlerts, and
AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason
label.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4481=1

* SUSE Manager Proxy 4.3 LTS
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4481=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-4481=1

* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-4481=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4481=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
* golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2
* SUSE Manager Proxy 4.3 LTS (x86_64)
* golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
* golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
* golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2

## References:

* https://www.suse.com/security/cve/CVE-2025-47908.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247748
* https://jira.suse.com/browse/MSQA-1034
* https://jira.suse.com/browse/PED-13285


Keylime, LibSSH, Kernel, and more updates for Oracle Linux

Glib2.0, Webkit2GTK, Roundcube, C-Ares updates for Debian

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...