SUSE-SU-2025:03448-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202503448-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:03448-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:03448-1
Published
2025-10-02T07:14:58Z
Modified
2025-10-02T16:32:11.636298Z
Summary
Security update for warewulf4
Details

This update for warewulf4 fixes the following issues:

Update to version 4.6.4.

Security issues fixed:

  • CVE-2025-58058: xz: excessive memory consumption when unpacking a large number of corrupted LZMA archives (bsc#1248906).

Other issues fixed:

  • Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768).
  • Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686, bsc#1227465).
  • Mark slurm as recommended in the warewulf4-overlay-slurm package (bsc#1246082).
  • Switch to dnsmasq as default DHCP and TFTP provider.

  • v4.6.4 release updates:

    • Update NetworkManager Overlay
      • Disable IPv4 in NetworkManager if no address or route is specified
    • Fix(wwctl): create overlay edit tempfile in tmpdir
    • Add default for systemd name for warewulf in warewulf.conf
    • Atomic overlay file application in wwclient
    • Simpler names for overlay methods
    • Fix warewulfd API behavior when deleting distribution overlay
  • v4.6.3 release updates:

    • IPv6 iPXE support
    • Fix a race condition in wwctl overlay edit
    • Fixed handling of comma-separated mount options in fstab and ignition overlays
    • Move reexec.Init() to beginning of wwctl
    • Added warewulfd configure option
    • Address copilot review from #1945
    • Bugfix: cloning a site overlay when parent dir does not exist
    • Clone to a site overlay when adding files in wwapi
    • Consolidated createOverlayFile and updateOverlayFile to addOverlayFile
    • Support for creating and updating overlay file in wwapi
    • Only return overlay files that refer to a path within the overlay
    • Add overlay file deletion support
    • DELETE /api/overlays/{id}?force=true can delete overlays in use
    • Restore idempotency of PUT /api/nodes/{id}
    • Simplify overlay mtime API and add tests
    • Add node overlay buildtime
    • Improved netplan support
    • Rebuild overlays for discovered nodes
  • v4.6.2 release updates:

    • (preview) support for provisioning to local disk
  • incorporated from v4.6.1:

    • REST API, which is disabled in the default configuration
Affected packages

openSUSE:Leap 15.6

warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/opensuse/warewulf4&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.4-150500.6.37.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4-man": "4.6.4-150500.6.37.1",
            "warewulf4-overlay-slurm": "4.6.4-150500.6.37.1",
            "warewulf4": "4.6.4-150500.6.37.1",
            "warewulf4-reference-doc": "4.6.4-150500.6.37.1",
            "warewulf4-dracut": "4.6.4-150500.6.37.1",
            "warewulf4-overlay": "4.6.4-150500.6.37.1"
        }
    ]
}

SUSE:Linux Enterprise Module for HPC 15 SP6

warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.4-150500.6.37.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4-man": "4.6.4-150500.6.37.1",
            "warewulf4-overlay-slurm": "4.6.4-150500.6.37.1",
            "warewulf4": "4.6.4-150500.6.37.1",
            "warewulf4-reference-doc": "4.6.4-150500.6.37.1",
            "warewulf4-dracut": "4.6.4-150500.6.37.1",
            "warewulf4-overlay": "4.6.4-150500.6.37.1"
        }
    ]
}

SUSE:Linux Enterprise Module for HPC 15 SP7

warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.4-150500.6.37.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4-man": "4.6.4-150500.6.37.1",
            "warewulf4-overlay-slurm": "4.6.4-150500.6.37.1",
            "warewulf4": "4.6.4-150500.6.37.1",
            "warewulf4-reference-doc": "4.6.4-150500.6.37.1",
            "warewulf4-dracut": "4.6.4-150500.6.37.1",
            "warewulf4-overlay": "4.6.4-150500.6.37.1"
        }
    ]
}