Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-2025:0532-1
Release Date: 2025-02-14T07:20:13Z
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2024-22037 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
  • CVE-2024-22037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2024-22037 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • CVE-2024-22037 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • SUSE Manager Client Tools for RHEL, Liberty and Clones 9

An update that solves one vulnerability, contains two features and has 13 security fixes can now be installed.

Description:

This update fixes the following issues:

scap-security-guide was updated to version 0.1.75 (jsc#ECO-3319):

  • Added Ism profile for OL8, OL9
  • Added new product kylinserver10
  • Created OL10 product
  • Release SLMicro5 product
  • Replaced two date injections by SOURCE_DATE_EPOCH to make reproducible (bsc#1230361)
  • Updated PCI-DSS control file for version 4.0.1

spacecmd was updated to version 5.0.11-0:

  • Updated translation strings

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

  • Security issues fixed:
  • CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
  • Other changes and bugs fixed:
  • Version 0.1.27-0
    • Bump the default image tag to 5.0.3
    • IsInstalled function fix
    • Run systemctl daemon-reload after changing the container image config (bsc#1233279)
    • Coco-replicas-upgrade
    • Persist search server indexes (bsc#1231759)
    • Sync deletes files during migration (bsc#1233660)
    • Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
    • Add --registry back to mgrpxy (bsc#1233202)
    • Only add java.hostname on migrated server if not present
    • Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
    • Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
    • Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
  • Version 0.1.26-0
    • Ignore all zypper caches during migration (bsc#1232769)
    • Use the uyuni network for all podman containers (bsc#1232817)
  • Version 0.1.25-0
    • Don't migrate enabled systemd services, recreate them (bsc#1232575)
  • Version 0.1.24-0
    • Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Client Tools for RHEL, Liberty and Clones 9
    zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2025-532=1

Package List:

  • SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64)
    • mgrctl-0.1.28-1.14.1
    • mgrctl-debuginfo-0.1.28-1.14.1
  • SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (noarch)
    • mgrctl-zsh-completion-0.1.28-1.14.1
    • scap-security-guide-redhat-0.1.75-1.32.1
    • spacecmd-5.0.11-1.44.1
    • mgrctl-bash-completion-0.1.28-1.14.1

References: