SUSE-SU-2025:01994-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501994-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01994-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:01994-1
Related
Published
2025-06-18T02:13:38Z
Modified
2025-06-18T12:59:26.832785Z
Upstream
Summary
Security update 4.3.15.2 SUSE Manager Server 4.3
Details

This update fixes the following issues:

netty:

  • Security issues fixed:

    • CVE-2024-47535: Decorate InputStream to throw an exception once the data read limit is reached (bsc#1233297)
  • Other changes:

    • Replace AlgorithmId.sha256WithRSAEncryption_oid usage with specify the OID directly

susemanager-sync-data:

  • Version 4.3.22-0:

    • Added support for OES 24.4 (bsc#1230585)
    • Set Ubuntu 24.04 as released

How to apply this update:

  1. Log in as root user to the Multi-Linux Manager Server.
  2. Stop the Spacewalk service: spacewalk-service stop
  3. Apply the patch using either zypper patch or YaST Online Update.
  4. Start the Spacewalk service: spacewalk-service start
References

Affected packages

SUSE:Manager Server Module 4.3 / netty

Package

Name
netty
Purl
pkg:rpm/suse/netty&distro=SUSE%20Manager%20Server%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.44.Final-150400.3.6.3

Ecosystem specific

{
    "binaries": [
        {
            "netty": "4.1.44.Final-150400.3.6.3",
            "susemanager-sync-data": "4.3.23-150400.3.41.3"
        }
    ]
}

SUSE:Manager Server Module 4.3 / susemanager-sync-data

Package

Name
susemanager-sync-data
Purl
pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.23-150400.3.41.3

Ecosystem specific

{
    "binaries": [
        {
            "netty": "4.1.44.Final-150400.3.6.3",
            "susemanager-sync-data": "4.3.23-150400.3.41.3"
        }
    ]
}