Security update 5.1.1.1 for Multi-Linux Manager Client Tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4449-1 Final 1 1 2025-12-18T08:50:22Z current 2025-12-18T08:50:22Z 2025-12-18T08:50:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update 5.1.1.1 for Multi-Linux Manager Client Tools This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Other changes and bugs fixed: - Fixed TLS and x509 modules for OSes with older cryptography module - Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd - Fixed payload signature verification on Tumbleweed (bsc#1251776) - Fixed broken symlink on migration to Leap 16.0 (bsc#1250755) - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4449,SUSE-MultiLinuxManagerTools-EL-8-2025-4449 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254449-1/ Link for SUSE-SU-2025:4449-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023603.html E-Mail link for SUSE-SU-2025:4449-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1227207 SUSE Bug 1227207 https://bugzilla.suse.com/1250520 SUSE Bug 1250520 https://bugzilla.suse.com/1251776 SUSE Bug 1251776 https://bugzilla.suse.com/1252244 SUSE Bug 1252244 https://bugzilla.suse.com/1252285 SUSE Bug 1252285 https://bugzilla.suse.com/1254256 SUSE Bug 1254256 https://bugzilla.suse.com/1254257 SUSE Bug 1254257 https://www.suse.com/security/cve/CVE-2025-62348/ SUSE CVE CVE-2025-62348 page https://www.suse.com/security/cve/CVE-2025-62349/ SUSE CVE CVE-2025-62349 page SUSE Multi Linux Manager Tools EL-8 SUSE:RES-8:Update:Products:MultiLinuxManagerTools:Update venv-salt-minion-3006.0-80002.5.6.1 venv-salt-minion-3006.0-80002.5.6.1 as a component of SUSE Multi Linux Manager Tools EL-8 venv-salt-minion-3006.0-80002.5.6.1 as a component of SUSE:RES-8:Update:Products:MultiLinuxManagerTools:Update unknown CVE-2025-62348 SUSE Multi Linux Manager Tools EL-8:venv-salt-minion-3006.0-80002.5.6.1 SUSE:RES-8:Update:Products:MultiLinuxManagerTools:Update:venv-salt-minion-3006.0-80002.5.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254449-1/ https://www.suse.com/security/cve/CVE-2025-62348.html CVE-2025-62348 https://bugzilla.suse.com/1254256 SUSE Bug 1254256 unknown CVE-2025-62349 SUSE Multi Linux Manager Tools EL-8:venv-salt-minion-3006.0-80002.5.6.1 SUSE:RES-8:Update:Products:MultiLinuxManagerTools:Update:venv-salt-minion-3006.0-80002.5.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254449-1/ https://www.suse.com/security/cve/CVE-2025-62349.html CVE-2025-62349 https://bugzilla.suse.com/1254257 SUSE Bug 1254257