{"affected":[{"ecosystem_specific":{"binaries":[{"grafana":"11.5.10-150002.4.6.1","mgrctl":"5.1.23-150002.3.6.1","mgrctl-bash-completion":"5.1.23-150002.3.6.1","mgrctl-lang":"5.1.23-150002.3.6.1","mgrctl-zsh-completion":"5.1.23-150002.3.6.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-15","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"11.5.10-150002.4.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"grafana":"11.5.10-150002.4.6.1","mgrctl":"5.1.23-150002.3.6.1","mgrctl-bash-completion":"5.1.23-150002.3.6.1","mgrctl-lang":"5.1.23-150002.3.6.1","mgrctl-zsh-completion":"5.1.23-150002.3.6.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-15","name":"uyuni-tools","purl":"pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-15"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.23-150002.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"mgrctl":"5.1.23-150002.3.6.1","mgrctl-bash-completion":"5.1.23-150002.3.6.1","mgrctl-lang":"5.1.23-150002.3.6.1","mgrctl-zsh-completion":"5.1.23-150002.3.6.1"}]},"package":{"ecosystem":"SUSE:Multi Linux Manager Tools SLE-Micro-5","name":"uyuni-tools","purl":"pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20SLE-Micro-5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.1.23-150002.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\ngrafana was updated from version 11.5.7 to 11.5.10:\n\n- Security issues fixed:\n\n  * CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (version 11.5.10)\n    (bsc#1254113)\n  * CVE-2025-47911: Fix parsing HTML documents (version 11.5.10) (bsc#1251454)\n  * CVE-2025-58190: Fix excessive memory consumption (version 11.5.10) (bsc#1251657)\n  * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)\n\n- Other changes, new features and bugs fixed:\n\n  * Version 11.5.10:\n    + Use forked wire from Grafana repository instead of external package (jsc#PED-14178)\n    + Auth: Fix render user OAuth passthrough.\n    + LDAP Authentication: Fix URL to propagate username context as parameter.\n    + Plugins: Dependencies do not inherit parent URL for preinstall.\n  * Version 11.5.9:\n    + Auditing: Document new options for recording datasource query request/response body.\n    + Login: Fixed redirection after login when Grafana is served from subpath.\n  * Update to version 11.5.8:\n    + No relevant changes\n\nuyuni-tools:\n\n- version 5.1.23-0\n  * Update the default tag to 5.1.1.1\n- version 5.1.22-0\n  * Fix cobbler config migration to standalone files\n  * Fix generated DB certificate subject alternate names\n- version 5.1.21-0\n  * Remove extraneous quotes when getting the running image (bsc#1249434)\n\n","id":"SUSE-SU-2025:4446-1","modified":"2025-12-18T08:49:58Z","published":"2025-12-18T08:49:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254446-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249434"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250616"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251454"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251657"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254113"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-11065"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58190"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-64751"}],"related":["CVE-2025-11065","CVE-2025-47911","CVE-2025-58190","CVE-2025-64751"],"summary":"Security update 5.1.1.1 for Multi-Linux Manager Client Tools","upstream":["CVE-2025-11065","CVE-2025-47911","CVE-2025-58190","CVE-2025-64751"]}