File _patchinfo of Package patchinfo.39598
<patchinfo incident="39598">
  <category>security</category>
  <rating>critical</rating>
  <packager>raulosuna</packager>
  <summary>Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes</summary>
  <description>Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes: This is a codestream only update </description>
  <releasetarget project="SUSE:SLE-15-SP4:Update"/>
  <issue tracker="bnc" id="1246119">VUL-0: CVE-2025-46811: SUSE Multi Linux Manager: Critical Security Issue: Unprotected websocket endpoint</issue>
  <issue tracker="bnc" id="1245005">VUL-0: CVE-2025-46809: Plain text HTTP Proxy user:password in repolog accessible from the MLM 5.x webUI</issue>
  <issue tracker="cve" id="2025-46811"/>
  <issue tracker="cve" id="2025-46809"/>
  <issue tracker="ijsc" id="MSQA-993"/>
  <issue tracker="bnc" id="1157520">In the API for actionchain calling a highstate is not present</issue>
  <issue tracker="bnc" id="1191142">postgres_exporter fails because of missing package in proxy</issue>
  <issue tracker="bnc" id="1209060">Some options are removed</issue>
  <issue tracker="bnc" id="1211373">Docs - Manually needing to trust keys during reposync</issue>
  <issue tracker="bnc" id="1213952">The "Compliance as code" page does not tell at the right place which playbooks can be run and which ones not</issue>
  <issue tracker="bnc" id="1216187">Discrepancies between SUMA proxy setup documentation and actual script</issue>
  <issue tracker="bnc" id="1221031">Enhance 'Note' for Hub Operational Requirements</issue>
  <issue tracker="bnc" id="1225740">"Disable schedule" for a taskomatic task leads to "Delete schedule" confirmation screen</issue>
  <issue tracker="bnc" id="1230403">Manage errors in user-defined pillars</issue>
  <issue tracker="bnc" id="1230908">Disabled Auto-Installation profiles still Included in generated ISOs</issue>
  <issue tracker="bnc" id="1233371">cobbler sync still running even when disabled.</issue>
  <issue tracker="bnc" id="1234608">hint not shown when hovering the mouse on some icons showing the type of a patch</issue>
  <issue tracker="bnc" id="1236635">spacewalk-repo-sync needs missing python3-simplejson package</issue>
  <issue tracker="bnc" id="1236779">FIPS mode production registering/repo access does not work</issue>
  <issue tracker="bnc" id="1236810">Be clear when it comes to support for 3rd party OSes</issue>
  <issue tracker="bnc" id="1236877">rpm locks not working with Rocky Linux 8</issue>
  <issue tracker="bnc" id="1236910">Using "reboot_suggested" or "restart_suggested" by API always responds "False"</issue>
  <issue tracker="bnc" id="1237060">Recurring action 'uptodate' does not install all updates</issue>
  <issue tracker="bnc" id="1237082">OES Products missing / not available anymore: "Channel has no URL associated" SUMA 4.3</issue>
  <issue tracker="bnc" id="1237294">some current signing keys still have SHA1 inside</issue>
  <issue tracker="bnc" id="1237403">Misspelling in SUSE Manager Virtual Machine Settings - VMware</issue>
  <issue tracker="bnc" id="1237581">Internal server error when accessing groups in activation keys</issue>
  <issue tracker="bnc" id="1237694">Highstate does not respect configuration channel rankings</issue>
  <issue tracker="bnc" id="1237770">Security advisories not published</issue>
  <issue tracker="bnc" id="1238922">Filters of type Product Temporary Fix (Fixes Package Name) can't be created</issue>
  <issue tracker="bnc" id="1238924">Two systems do not show up in subscription matcher and cannot be pinned</issue>
  <issue tracker="bnc" id="1239102">gpg key not recognized after import while using spacewalk-repo-sync</issue>
  <issue tracker="bnc" id="1239154">GUI behaves erratically during child-channel assignment for large group of clients using SSM</issue>
  <issue tracker="bnc" id="1239604">spacecmd system_listeventhistory missing from documentation</issue>
  <issue tracker="bnc" id="1239743">openscap audit is running immediately even when scheduled for next days</issue>
  <issue tracker="bnc" id="1239826">VUL-0: CVE-2025-23392: spacewalk-java: reflected XSS in SystemsController.java</issue>
  <issue tracker="bnc" id="1239868">CLM project is not promoting dev to prod in webui</issue>
  <issue tracker="bnc" id="1239907">CLM Template filter not showing packages. Product tree metadata needs to be updated</issue>
  <issue tracker="bnc" id="1240038">Severity Levels are missing in API output of errata.getDetails</issue>
  <issue tracker="bnc" id="1240386">VUL-0:CVE-2025-23393: Limited Error-Based SQL Injection</issue>
  <issue tracker="bnc" id="1240666">Manager 5.0: cobbler won't start with /var/lib/cobbler on NFS</issue>
  <issue tracker="bnc" id="1240842">"Cleaning up channel packages" link in SUMA docs does not seem to go anywhere</issue>
  <issue tracker="bnc" id="1241239">ISSv2 not secure</issue>
  <issue tracker="bnc" id="1241286">podman logs uyuni-db and podman logs uyuni-server don't print anything</issue>
  <issue tracker="bnc" id="1241455">Salt module 'sap_module' causing disruption</issue>
  <issue tracker="bnc" id="1241490">Missing java.smtp_server Parameter in Documentation for Email Configuration in /etc/rhn/rhn.conf</issue>
  <issue tracker="bnc" id="1242004">System Page Search Fails When Using Dot (`.`) in Search Term</issue>
  <issue tracker="bnc" id="1242030">salt: 'ascii' codec can't decode byte 0xc3 in position 21: ordinal not in range(128)</issue>
  <issue tracker="bnc" id="1242148">VUL-0: http_proxy_password stored as clear text in /var/log/messages</issue>
  <issue tracker="bnc" id="1242554">spacewalk-data-fsck not needed</issue>
  <issue tracker="bnc" id="1242911">Link broken in documentation</issue>
  <issue tracker="bnc" id="1243239">Subscription Matching Shows Incorrect Validity Status in SUSE Manager 4.3</issue>
  <issue tracker="bnc" id="1243460">Using special characters in the proxy password results in spacewalk-repo-sync failing: TypeError: quote_from_bytes() expected bytes</issue>
  <issue tracker="bnc" id="1243724">inter-server-sync does not write logs to the directory /var/log/hub if the directory doesn't already exist.</issue>
  <issue tracker="bnc" id="1243825">Action chain scheduled within SSM creates no link for the new action chain</issue>
  <issue tracker="bnc" id="1244065">Improve Documentation and Behavior of “Reschedule” Button on Failed Actions to Preserve Action History in SUSE Manager</issue>
  <issue tracker="bnc" id="1244290">Documented script fails to run because a needed library is not imported</issue>
  <issue tracker="bnc" id="1245027">API Documentation for Method:listFiles listLocal shows them as integer but should be Boolean</issue>
  <issue tracker="bnc" id="1245222">spacewalk-repo-sync fails with "Downloaded data exceeded the expected filesize" when using an HTTP proxy</issue>
  <issue tracker="bnc" id="1245368">Grafana formula fails on SLES 15 SP7 as "unsupported"</issue>
  <issue tracker="cve" id="2025-23392"/>
  <issue tracker="cve" id="2025-23393"/>
  <issue tracker="cve" id="2024-38824"/>
  <issue tracker="cve" id="2025-22239"/>
  <issue tracker="cve" id="2025-22236"/>
  <issue tracker="cve" id="2025-22237"/>
  <issue tracker="cve" id="2024-38825"/>
  <issue tracker="cve" id="2025-22240"/>
  <issue tracker="cve" id="2024-38823"/>
  <issue tracker="cve" id="2025-22241"/>
  <issue tracker="cve" id="2025-22238"/>
  <issue tracker="cve" id="2025-22242"/>
  <issue tracker="cve" id="2024-38822"/>
  <issue tracker="bnc" id="1236601">Bug in cobbler sync with suse manager proxy ip</issue>
</patchinfo>