SUSE-SU-2026:1140-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20261140-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:1140-1
Upstream
  • CVE-2025-62348
  • CVE-2025-62349
Related
Published
2026-03-30T09:15:49Z
Modified
2026-03-31T08:00:18.672131Z
Summary
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
Details

This update fixes the following issues:

spacecmd:

  • Version 5.2.6-0
    • Update translation strings

uyuni-tools:

  • Version 5.2.5-0
    • Remove migrate command
    • Remove template script from mgradm: use the one in the image
    • Split the TFTP server into a separate container
    • Explicitly start proxy pods after operations (bsc#1258015)
    • Adjust mgrctl server filter to work with the new helm chart labels
    • Remove hub register command
    • Remove the Kubernetes install and upgrade from mgrpxy
    • Optimize postgres migration disk space usage (bsc#1257447)

venv-salt-minion:

  • Fix the typo causing buiding EL9 bundle without binary dependencies
  • Backport security patches for Salt vendored tornado:
    • CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
    • CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
    • CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
  • CVE-2025-62349: Add minimumauthversion to enforce security (bsc#1254257)
  • CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)
References

Affected packages

SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update
golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.1-90052.3.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
rhnlib

Package

Name
rhnlib
Purl
pkg:rpm/suse/rhnlib&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-90052.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
saltbundlepy-m2crypto

Package

Name
saltbundlepy-m2crypto
Purl
pkg:rpm/suse/saltbundlepy-m2crypto&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.45.1-90052.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
scap-security-guide

Package

Name
scap-security-guide
Purl
pkg:rpm/suse/scap-security-guide&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.79-90052.4.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.6-90052.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
spacewalk-client-tools

Package

Name
spacewalk-client-tools
Purl
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.4-90052.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
uyuni-common-libs

Package

Name
uyuni-common-libs
Purl
pkg:rpm/suse/uyuni-common-libs&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.3-90052.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
uyuni-tools

Package

Name
uyuni-tools
Purl
pkg:rpm/suse/uyuni-tools&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.5-90052.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE:EL-9:Update:Products:MultiLinuxManagerToolsBeta:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3006.0-90052.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "saltbundlepy-m2crypto-doc": "0.45.1-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "saltbundlepy-m2crypto": "0.45.1-90052.4.3.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1",
            "spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "python3-uyuni-common-libs": "5.2.3-90052.3.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "python3-spacewalk-client-tools": "5.2.4-90052.3.3.1",
            "scap-security-guide": "0.1.79-90052.4.2.1",
            "scap-security-guide-debian": "0.1.79-90052.4.2.1",
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "scap-security-guide-ubuntu": "0.1.79-90052.4.2.1",
            "python3-rhnlib": "5.2.4-90052.3.3.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
SUSE:Multi Linux Manager Tools Beta EL-9
golang-github-prometheus-node_exporter

Package

Name
golang-github-prometheus-node_exporter
Purl
pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20Beta%20EL-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.1-90052.3.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
scap-security-guide

Package

Name
scap-security-guide
Purl
pkg:rpm/suse/scap-security-guide&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20Beta%20EL-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.79-90052.4.2.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
spacecmd

Package

Name
spacecmd
Purl
pkg:rpm/suse/spacecmd&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20Beta%20EL-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.6-90052.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
uyuni-tools

Package

Name
uyuni-tools
Purl
pkg:rpm/suse/uyuni-tools&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20Beta%20EL-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.2.5-90052.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"
venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Multi%20Linux%20Manager%20Tools%20Beta%20EL-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3006.0-90052.6.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-90052.6.3.1",
            "mgrctl": "5.2.5-90052.4.3.1",
            "golang-github-prometheus-node_exporter": "1.9.1-90052.3.2.1",
            "mgrctl-bash-completion": "5.2.5-90052.4.3.1",
            "scap-security-guide-redhat": "0.1.79-90052.4.2.1",
            "mgrctl-zsh-completion": "5.2.5-90052.4.3.1",
            "spacecmd": "5.2.6-90052.4.3.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1140-1.json"