SUSE-SU-2025:4444-1

Security issues fixed:
- CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (version 11.5.10) (bsc#1254113)
- CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454)
- CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657)
- CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
Other changes, new features and bugs fixed:
- Version 11.5.10:
  - Use forked wire from Grafana repository instead of external package (jsc#PED-14178)
  - Auth: Fix render user OAuth passthrough.
  - LDAP Authentication: Fix URL to propagate username context as parameter.
  - Plugins: Dependencies do not inherit parent URL for preinstall.
- Version 11.5.9:
  - Auditing: Document new options for recording datasource query request/response body.
  - Login: Fixed redirection after login when Grafana is served from subpath.
- Update to version 11.5.8:
  - No relevant changes

uyuni-tools:

version 5.1.23-0
- Update the default tag to 5.1.1.1
version 5.1.22-0
- Fix cobbler config migration to standalone files
- Fix generated DB certificate subject alternate names
version 5.1.21-0
- Remove extraneous quotes when getting the running image (bsc#1249434)

References

Affected packages

SUSE:Multi Linux Manager Tools SLE-12

Multi-Linux-ManagerTools-SLE-release

Package

Name: Multi-Linux-ManagerTools-SLE-release
Purl: pkg:rpm/suse/Multi-Linux-ManagerTools-SLE-release&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12-120002.1.11.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "5.1.23-120002.3.6.1",
            "grafana": "11.5.10-120002.4.6.1",
            "Multi-Linux-ManagerTools-SLE-release": "12-120002.1.11.1",
            "mgrctl-lang": "5.1.23-120002.3.6.1",
            "Multi-Linux-ManagerTools-SLE-release-POOL": "12-120002.1.11.1",
            "mgrctl": "5.1.23-120002.3.6.1",
            "mgrctl-zsh-completion": "5.1.23-120002.3.6.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4444-1.json"

grafana

Package

Name: grafana
Purl: pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.5.10-120002.4.6.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "5.1.23-120002.3.6.1",
            "grafana": "11.5.10-120002.4.6.1",
            "Multi-Linux-ManagerTools-SLE-release": "12-120002.1.11.1",
            "mgrctl-lang": "5.1.23-120002.3.6.1",
            "Multi-Linux-ManagerTools-SLE-release-POOL": "12-120002.1.11.1",
            "mgrctl": "5.1.23-120002.3.6.1",
            "mgrctl-zsh-completion": "5.1.23-120002.3.6.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4444-1.json"

uyuni-tools

Package

Name: uyuni-tools
Purl: pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.1.23-120002.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "mgrctl-bash-completion": "5.1.23-120002.3.6.1",
            "grafana": "11.5.10-120002.4.6.1",
            "Multi-Linux-ManagerTools-SLE-release": "12-120002.1.11.1",
            "mgrctl-lang": "5.1.23-120002.3.6.1",
            "Multi-Linux-ManagerTools-SLE-release-POOL": "12-120002.1.11.1",
            "mgrctl": "5.1.23-120002.3.6.1",
            "mgrctl-zsh-completion": "5.1.23-120002.3.6.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4444-1.json"