Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE Linux Micro: Multi-Linux Manager Important Update CVE-2025-62348

suse
Calendar Grey December 18, 2025
Dist Suse Esm H88
An important security update for Multi-Linux Manager tools in SUSE fixes critical vulnerabilities. Immediate installation recommended.
An update that solves two vulnerabilities and has 26 fixes can now be installed.

Summary

## This update fixes the following issues: salt: * Security issues fixed: * CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) * CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) * Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 * Other changes and bugs fixed: * Fixed TLS and x509 modules for OSes with older cryptography module * Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd * Fixed payload signature verification on Tumbleweed (bsc#1251776) * Fixed broken symlink on migration to Leap 16.0 (bsc#1250755) * Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)

References

* bsc#1227207

* bsc#1243611

* bsc#1243704

* bsc#1244027

* bsc#1244127

* bsc#1244534

* bsc#1245099

* bsc#1245740

* bsc#1246068

* bsc#1246320

* bsc#1246553

* bsc#1246662

* bsc#1246738

* bsc#1246789

* bsc#1246882

* bsc#1246906

* bsc#1246925

* bsc#1247688

* bsc#1247721

* bsc#1250520

* bsc#1250755

* bsc#1251044

* bsc#1251138

* bsc#1251776

* bsc#1252244

* bsc#1252285

* bsc#1254256

* bsc#1254257

Cross-

* CVE-2025-62348

* CVE-2025-62349

CVSS scores:

* CVE-2025-62348 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-62348 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-62349 ( SUSE ): 7.5

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

* CVE-2025-62349 ( SUSE ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:21216-1
Release Date: 2025-12-16T07:23:26Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here