{"affected":[{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"Multi-Linux-ManagerTools-SLE-release","purl":"pkg:rpm/suse/Multi-Linux-ManagerTools-SLE-release&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"12-120002.1.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"golang-github-prometheus-alertmanager","purl":"pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.28.1-120002.4.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.5.7-120002.4.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"mgr-push","purl":"pkg:rpm/suse/mgr-push&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.4-120002.3.3.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"python-defusedxml","purl":"pkg:rpm/suse/python-defusedxml&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.6.0-120002.1.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"rhnlib","purl":"pkg:rpm/suse/rhnlib&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.3-120002.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"spacecmd","purl":"pkg:rpm/suse/spacecmd&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.11-120002.3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"spacewalk-client-tools","purl":"pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.7-120002.3.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"Multi-Linux-ManagerTools-SLE-release":"12-120002.1.3.2","Multi-Linux-ManagerTools-SLE-release-POOL":"12-120002.1.3.2","golang-github-prometheus-alertmanager":"0.28.1-120002.4.3.2","grafana":"11.5.7-120002.4.3.2","mgr-push":"5.1.4-120002.3.3.3","python-defusedxml":"0.6.0-120002.1.3.1","python2-mgr-push":"5.1.4-120002.3.3.3","python2-rhnlib":"5.1.3-120002.3.3.1","python2-spacewalk-client-tools":"5.1.7-120002.3.3.2","spacecmd":"5.1.11-120002.3.3.2","spacewalk-client-tools":"5.1.7-120002.3.3.2","supportutils-plugin-susemanager-client":"5.1.4-120002.3.3.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-12","name":"supportutils-plugin-susemanager-client","purl":"pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-12"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.4-120002.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\ngolang-github-prometheus-alertmanager:\n\n- Update to version 0.28.1 (jsc#PED-13285):\n  * Improved performance of inhibition rules when using Equal\n    labels.\n  * Improve the documentation on escaping in UTF-8 matchers.\n  * Update alertmanager_config_hash metric help to document the\n    hash is not cryptographically strong.\n  * Fix panic in amtool when using --verbose.\n  * Fix templating of channel field for Rocket.Chat.\n  * Fix rocketchat_configs written as rocket_configs in docs.\n  * Fix usage for --enable-feature flag.\n  * Trim whitespace from OpsGenie API Key.\n  * Fix Jira project template not rendered when searching for\n    existing issues.\n  * Fix subtle bug in JSON/YAML encoding of inhibition rules that\n    would cause Equal labels to be omitted.\n  * Fix header for slack_configs in docs.\n  * Fix weight and wrap of Microsoft Teams notifications.\n- Upgrade to version 0.28.0:\n  * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).\n  * Templating errors in the SNS integration now return an error.\n  * Adopt log/slog, drop go-kit/log.\n  * Add a new Microsoft Teams integration based on Flows.\n  * Add a new Rocket.Chat integration.\n  * Add a new Jira integration.\n  * Add support for GOMEMLIMIT, enable it via the feature flag\n    --enable-feature=auto-gomemlimit.\n  * Add support for GOMAXPROCS, enable it via the feature flag\n    --enable-feature=auto-gomaxprocs.\n  * Add support for limits of silences including the maximum number\n    of active and pending silences, and the maximum size per\n    silence (in bytes). You can use the flags\n    --silences.max-silences and --silences.max-silence-size-bytes\n    to set them accordingly.\n  * Muted alerts now show whether they are suppressed or not in\n    both the /api/v2/alerts endpoint and the Alertmanager UI.\n- Upgrade to version 0.27.0:\n  * API: Removal of all api/v1/ endpoints. These endpoints\n    now log and return a deprecation message and respond with a\n    status code of 410.\n  * UTF-8 Support: Introduction of support for any UTF-8\n    character as part of label names and matchers.\n  * Discord Integration: Enforce max length in message.\n  * Metrics: Introduced the experimental feature flag\n    --enable-feature=receiver-name-in-metrics to include the\n    receiver name.\n  * Metrics: Introduced a new gauge named\n    alertmanager_inhibition_rules that counts the number of\n    configured inhibition rules.\n  * Metrics: Introduced a new counter named\n    alertmanager_alerts_supressed_total that tracks muted alerts,\n    it contains a reason label to indicate the source of the mute.\n  * Discord Integration: Introduced support for webhook_url_file.\n  * Microsoft Teams Integration: Introduced support for\n    webhook_url_file.\n  * Microsoft Teams Integration: Add support for summary.\n  * Metrics: Notification metrics now support two new values for\n    the label reason, contextCanceled and contextDeadlineExceeded.\n  * Email Integration: Contents of auth_password_file are now\n    trimmed of prefixed and suffixed whitespace.\n  * amtool: Fixes the error scheme required for webhook url when\n    using amtool with --alertmanager.url.\n  * Mixin: Fix AlertmanagerFailedToSendAlerts,\n    AlertmanagerClusterFailedToSendAlerts, and\n    AlertmanagerClusterFailedToSendAlerts to make sure they ignore\n    the reason label.\n\ngrafana:\n\n- Update to version 11.5.7:\n  * Security:\n    CVE-2025-6023: Fix cross-site-scripting via scripted dashboards\n                   (bsc#1246735)\n    CVE-2025-6197: Fix open redirect in organization switching\n                   (bsc#1246736)\n  * Bug fixes:\n    Azure: Fix legend formatting.\n    Azure: Fix resource name determination in template variable\n           queries.\n- Update to version 11.5.6:\n    CVE-2025-3415: Fix exposure of DingDing alerting integration\n                   URL to Viewer level users (bsc#1245302)\n\nmgr-push:\n\n- Version 5.1.4-0\n  * Use absolute paths when invoking external commands\n  * Fix syntax error in changelog\n\npython-defusedxml:\n\n- Update to 0.6.0\n  * Increase test coverage.\n  * Add badges to README.\n  * Test on Python 3.7 stable and 3.8-dev\n  * Drop support for Python 3.4\n  * No longer pass *html* argument to XMLParse. It has been deprecated and\n    ignored for a long time. The DefusedXMLParser still takes a html argument.\n    A deprecation warning is issued when the argument is False and a TypeError\n    when it's True.\n  * defusedxml now fails early when pyexpat stdlib module is not available or\n    broken.\n  * defusedxml.ElementTree.__all__ now lists ParseError as public attribute.\n  * The defusedxml.ElementTree and defusedxml.cElementTree modules had a typo\n    and used XMLParse instead of XMLParser as an alias for DefusedXMLParser.\n    Both the old and fixed name are now available.\n- Remove superfluous devel dependency for noarch package\n- Fix source url.\n- Update to 5.0\n  * Add compatibility with Python 3.6\n  * Drop support for Python 2.6, 3.1, 3.2, 3.3\n  * Fix lxml tests (XMLSyntaxError: Detected an entity reference loop)\n- Implement single-spec version.\n- Dummy changelog for bsc#1019074, FATE#322329\n- Initial packaging.\n\nrhnlib:\n\n- Version 5.1.3-0\n  * Fix syntax error in changelog\n  * Use more secure defusedxml parser (bsc#1227577)\n\nspacecmd:\n\n- Version 5.1.11-0\n  * Make spacecmd work with Python 3.12 and higher\n  * Call print statements properly in Python 3\n- Version 5.1.10-0\n  * Fix use of renamed config parser class where the backward\n    compatible alias was dropped in latest python version\n    (bsc#1246586)\n- Version 5.1.9-0\n  * Fix installation of python lib files on Ubuntu 24.04\n\nspacewalk-client-tools:\n\n- Version 5.1.7-0\n  * Fix syntax error in changelog\n\nsupportutils-plugin-susemanager-client:\n\n- Version 5.1.4-0\n  * Fix syntax error in changelog\n\nuyuni-tools:\n\n- version 5.1.20-0\n  * Add migration for server monitoring configuration (bsc#1247688)\n\n- version 5.1.19-0\n  * Add a lowercase version of --logLevel (bsc#1243611)\n  * Stop executing scripts in temporary folder (bsc#1243704)\n  * support config: collect podman inspect for hub container\n    (bsc#1245099)\n  * Use new dedicated path for Cobbler settings (bsc#1244027)\n  * Migrate custom auto installation snippets (bsc#1246320)\n  * Add SUSE Linux Enterprise 15 SP7 to buildin productmap\n  * Fix loading product map from mgradm configuration file\n    (bsc#1246068)\n  * Fix channel override for distro copy\n  * Do not use sudo when running as a root user (bsc#1246882)\n  * Do not require backups to be at the same location for restoring\n    (bsc#1246906)\n  * Fix recomputing proxy images when installing a PTF or TEST\n    (bsc#1246553)\n  * Add mgradm server rename to change the server FQDN (bsc#1229825)\n  * If no DB SSL CA parameter is given, use the other one\n    (bsc#1245120)\n  * More fault tolerant mgradm stop (bsc#1243331)\n  * Backup systemd dropin directory too and create if missing\n  * Add 3rd party SSL options for upgrade and migration scenarios\n  * Do not consider stderr output of podman as an error\n    (bsc#1247836)\n  * Restore SELinux contexts for restored backup volumes\n    (bsc#1244127)\n  * Automatically get up-to-date systemid file on salt based proxy\n    hosts (bsc#1246789)\n  * Bump the default image tag to 5.1.1\n\n- version 5.1.18-0\n  * Update translation strings\n\n- version 5.1.17-0\n  * upgrade saline should use scale function (bsc#1246864)\n\n- version 5.1.16-0\n  * Use database backup volume as temporary backup location\n    (bsc#1246628)\n\n","id":"SUSE-SU-2025:3817-1","modified":"2025-10-28T07:19:09Z","published":"2025-10-28T07:19:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20253817-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1019074"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227577"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229825"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243331"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243704"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244027"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245099"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245120"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245302"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246068"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246320"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246553"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246586"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246628"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246736"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246789"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246864"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246882"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246906"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247688"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247748"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247836"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3415"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47908"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-6023"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-6197"}],"related":["CVE-2025-3415","CVE-2025-47908","CVE-2025-6023","CVE-2025-6197"],"summary":"Security update 5.1.1 for Multi-Linux Manager Client Tools","upstream":["CVE-2025-3415","CVE-2025-47908","CVE-2025-6023","CVE-2025-6197"]}