Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE: Multi-Linux Manager Important Salt Security Fix 2025:20504-1

suse
Calendar Grey July 25, 2025
Dist Suse Esm H88
Essential patch rollout for Unified-Linux Administration Suite focusing on numerous vulnerabilities and enhancing overall security posture.
* bsc#1236621 * bsc#1236877 * bsc#1238686 * bsc#1238849 * bsc#1238929

Summary

## This update fixes the following issues: golang-github-prometheus-node_exporter: * Security issues fixed: * CVE-2025-22870: Prevent a matching of hosts against proxy patterns to improperly treat an IPv6 zone ID as a hostname component (bsc#1238686) * Other bugs fixed: * Fixed Darwin memory leak * pressure: Fix missing IRQ on older kernels salt, venv-salt-minion: * Security issues fixed: * CVE-2024-38822: Fixed Minion token validation (bsc#1244561) * CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564) * CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565) * CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)

References

* bsc#1236621

* bsc#1236877

* bsc#1238686

* bsc#1238849

* bsc#1238929

* bsc#1240626

* bsc#1240698

* bsc#1242174

* bsc#1243105

* bsc#1243268

* bsc#1243274

* bsc#1243297

* bsc#1243802

* bsc#1244561

* bsc#1244564

* bsc#1244565

* bsc#1244566

* bsc#1244567

* bsc#1244568

* bsc#1244570

* bsc#1244571

* bsc#1244572

* bsc#1244574

* bsc#1244575

* jsc#MSQA-993

Cross-

* CVE-2024-38822

* CVE-2024-38823

* CVE-2024-38824

* CVE-2024-38825

* CVE-2025-22236

* CVE-2025-22237

* CVE-2025-22238

* CVE-2025-22239

* CVE-2025-22240

* CVE-2025-22241

* CVE-2025-22242

* CVE-2025-22870

* CVE-2025-47287

CVSS scores:

* CVE-2024-38822 ( SUSE ): 5.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-38822 ( SUSE ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20504-1
Release Date: 2025-07-23T13:47:52Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here