# Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes Announcement ID: SUSE-SU-2025:02476-1 Release Date: 2025-07-23T12:37:13Z Rating: critical References: * bsc#1157520 * bsc#1191142 * bsc#1209060 * bsc#1211373 * bsc#1213952 * bsc#1216187 * bsc#1221031 * bsc#1225740 * bsc#1230403 * bsc#1230908 * bsc#1233371 * bsc#1234608 * bsc#1236601 * bsc#1236635 * bsc#1236779 * bsc#1236810 * bsc#1236877 * bsc#1236910 * bsc#1237060 * bsc#1237082 * bsc#1237294 * bsc#1237403 * bsc#1237581 * bsc#1237694 * bsc#1237770 * bsc#1238922 * bsc#1238924 * bsc#1239102 * bsc#1239154 * bsc#1239604 * bsc#1239743 * bsc#1239826 * bsc#1239868 * bsc#1239907 * bsc#1240038 * bsc#1240386 * bsc#1240666 * bsc#1240842 * bsc#1241239 * bsc#1241286 * bsc#1241455 * bsc#1241490 * bsc#1242004 * bsc#1242030 * bsc#1242148 * bsc#1242554 * bsc#1242911 * bsc#1243239 * bsc#1243460 * bsc#1243724 * bsc#1243825 * bsc#1244065 * bsc#1244290 * bsc#1245005 * bsc#1245027 * bsc#1245222 * bsc#1245368 * bsc#1246119 * jsc#MSQA-993 Cross-References: * CVE-2024-38822 * CVE-2024-38823 * CVE-2024-38824 * CVE-2024-38825 * CVE-2025-22236 * CVE-2025-22237 * CVE-2025-22238 * CVE-2025-22239 * CVE-2025-22240 * CVE-2025-22241 * CVE-2025-22242 * CVE-2025-23392 * CVE-2025-23393 * CVE-2025-46809 * CVE-2025-46811 CVSS scores: * CVE-2024-38822 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-38822 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38822 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38823 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2024-38823 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-38823 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N * CVE-2024-38824 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2024-38824 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2024-38824 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2024-38824 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-38825 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2024-38825 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2024-38825 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2025-22236 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-22236 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22236 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22237 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-22237 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22237 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2025-22238 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-22238 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2025-22238 ( NVD ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N * CVE-2025-22239 ( SUSE ): 6.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L * CVE-2025-22239 ( SUSE ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22239 ( NVD ): 8.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2025-22240 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-22240 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-22240 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H * CVE-2025-22241 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-22241 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2025-22241 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2025-22242 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22242 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22242 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H * CVE-2025-23392 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-23392 ( SUSE ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23392 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23392 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-23393 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2025-23393 ( SUSE ): 6.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L * CVE-2025-23393 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-23393 ( NVD ): 5.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2025-46809 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N * CVE-2025-46809 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N * CVE-2025-46811 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-46811 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 15 vulnerabilities, contains one feature and has 43 security fixes can now be installed. ## Security update 4.3.16 for Multi-Linux Manager Proxy and Retail Branch Server ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.16 * CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2025-46809 * Bugs mentioned: bsc#1236601, bsc#1236635, bsc#1236779, bsc#1237294, bsc#1238922 bsc#1239826, bsc#1240386, bsc#1242004, bsc#1243460, bsc#1245222 bsc#1245005 ## Security update 4.3.16 for Multi-Linux Manager Server ### Description: This update fixes the following issues: release-notes-susemanager: * Update to SUSE Manager 4.3.16 * Important Salt Security Update * Added support for SUSE Linux Enterprise 15 SP7 as a client using the Salt Bundle * CVE Fixed CVE-2025-23392, CVE-2025-23393, CVE-2024-38824, CVE-2025-22239 CVE-2025-22236, CVE-2025-22237, CVE-2024-38825, CVE-2025-22240 CVE-2024-38823, CVE-2025-22241, CVE-2025-22238, CVE-2025-22242 CVE-2024-38822, CVE-2025-46811, CVE-2025-46809 * Bugs mentioned: bsc#1157520, bsc#1191142, bsc#1209060, bsc#1211373, bsc#1213952 bsc#1216187, bsc#1221031, bsc#1225740, bsc#1230403, bsc#1230908 bsc#1233371, bsc#1234608, bsc#1236635, bsc#1236779, bsc#1236810 bsc#1236877, bsc#1236910, bsc#1237060, bsc#1237082, bsc#1237294 bsc#1237403, bsc#1237581, bsc#1237694, bsc#1237770, bsc#1238922 bsc#1238924, bsc#1239102, bsc#1239154, bsc#1239604, bsc#1239743 bsc#1239826, bsc#1239868, bsc#1239907, bsc#1240038, bsc#1240386 bsc#1240666, bsc#1240842, bsc#1241239, bsc#1241286, bsc#1241455 bsc#1241490, bsc#1242004, bsc#1242030, bsc#1242148, bsc#1242554 bsc#1242911, bsc#1243239, bsc#1243460, bsc#1243724, bsc#1243825 bsc#1244065, bsc#1244290, bsc#1245027, bsc#1245222, bsc#1245368 bsc#1245005, bsc#1246119 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-2476=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2476=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2025-2476=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-2476=1 ## Package List: * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.16-150400.3.98.1 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.16-150400.3.140.1 * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-proxy-4.3.16-150400.3.98.1 * release-notes-susemanager-4.3.16-150400.3.140.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.16-150400.3.98.1 ## References: * https://www.suse.com/security/cve/CVE-2024-38822.html * https://www.suse.com/security/cve/CVE-2024-38823.html * https://www.suse.com/security/cve/CVE-2024-38824.html * https://www.suse.com/security/cve/CVE-2024-38825.html * https://www.suse.com/security/cve/CVE-2025-22236.html * https://www.suse.com/security/cve/CVE-2025-22237.html * https://www.suse.com/security/cve/CVE-2025-22238.html * https://www.suse.com/security/cve/CVE-2025-22239.html * https://www.suse.com/security/cve/CVE-2025-22240.html * https://www.suse.com/security/cve/CVE-2025-22241.html * https://www.suse.com/security/cve/CVE-2025-22242.html * https://www.suse.com/security/cve/CVE-2025-23392.html * https://www.suse.com/security/cve/CVE-2025-23393.html * https://www.suse.com/security/cve/CVE-2025-46809.html * https://www.suse.com/security/cve/CVE-2025-46811.html * https://bugzilla.suse.com/show_bug.cgi?id=1157520 * https://bugzilla.suse.com/show_bug.cgi?id=1191142 * https://bugzilla.suse.com/show_bug.cgi?id=1209060 * https://bugzilla.suse.com/show_bug.cgi?id=1211373 * https://bugzilla.suse.com/show_bug.cgi?id=1213952 * https://bugzilla.suse.com/show_bug.cgi?id=1216187 * https://bugzilla.suse.com/show_bug.cgi?id=1221031 * https://bugzilla.suse.com/show_bug.cgi?id=1225740 * https://bugzilla.suse.com/show_bug.cgi?id=1230403 * https://bugzilla.suse.com/show_bug.cgi?id=1230908 * https://bugzilla.suse.com/show_bug.cgi?id=1233371 * https://bugzilla.suse.com/show_bug.cgi?id=1234608 * https://bugzilla.suse.com/show_bug.cgi?id=1236601 * https://bugzilla.suse.com/show_bug.cgi?id=1236635 * https://bugzilla.suse.com/show_bug.cgi?id=1236779 * https://bugzilla.suse.com/show_bug.cgi?id=1236810 * https://bugzilla.suse.com/show_bug.cgi?id=1236877 * https://bugzilla.suse.com/show_bug.cgi?id=1236910 * https://bugzilla.suse.com/show_bug.cgi?id=1237060 * https://bugzilla.suse.com/show_bug.cgi?id=1237082 * https://bugzilla.suse.com/show_bug.cgi?id=1237294 * https://bugzilla.suse.com/show_bug.cgi?id=1237403 * https://bugzilla.suse.com/show_bug.cgi?id=1237581 * https://bugzilla.suse.com/show_bug.cgi?id=1237694 * https://bugzilla.suse.com/show_bug.cgi?id=1237770 * https://bugzilla.suse.com/show_bug.cgi?id=1238922 * https://bugzilla.suse.com/show_bug.cgi?id=1238924 * https://bugzilla.suse.com/show_bug.cgi?id=1239102 * https://bugzilla.suse.com/show_bug.cgi?id=1239154 * https://bugzilla.suse.com/show_bug.cgi?id=1239604 * https://bugzilla.suse.com/show_bug.cgi?id=1239743 * https://bugzilla.suse.com/show_bug.cgi?id=1239826 * https://bugzilla.suse.com/show_bug.cgi?id=1239868 * https://bugzilla.suse.com/show_bug.cgi?id=1239907 * https://bugzilla.suse.com/show_bug.cgi?id=1240038 * https://bugzilla.suse.com/show_bug.cgi?id=1240386 * https://bugzilla.suse.com/show_bug.cgi?id=1240666 * https://bugzilla.suse.com/show_bug.cgi?id=1240842 * https://bugzilla.suse.com/show_bug.cgi?id=1241239 * https://bugzilla.suse.com/show_bug.cgi?id=1241286 * https://bugzilla.suse.com/show_bug.cgi?id=1241455 * https://bugzilla.suse.com/show_bug.cgi?id=1241490 * https://bugzilla.suse.com/show_bug.cgi?id=1242004 * https://bugzilla.suse.com/show_bug.cgi?id=1242030 * https://bugzilla.suse.com/show_bug.cgi?id=1242148 * https://bugzilla.suse.com/show_bug.cgi?id=1242554 * https://bugzilla.suse.com/show_bug.cgi?id=1242911 * https://bugzilla.suse.com/show_bug.cgi?id=1243239 * https://bugzilla.suse.com/show_bug.cgi?id=1243460 * https://bugzilla.suse.com/show_bug.cgi?id=1243724 * https://bugzilla.suse.com/show_bug.cgi?id=1243825 * https://bugzilla.suse.com/show_bug.cgi?id=1244065 * https://bugzilla.suse.com/show_bug.cgi?id=1244290 * https://bugzilla.suse.com/show_bug.cgi?id=1245005 * https://bugzilla.suse.com/show_bug.cgi?id=1245027 * https://bugzilla.suse.com/show_bug.cgi?id=1245222 * https://bugzilla.suse.com/show_bug.cgi?id=1245368 * https://bugzilla.suse.com/show_bug.cgi?id=1246119 * https://jira.suse.com/browse/MSQA-993