SUSE-SU-2025:1094-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20251094-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1094-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:1094-1
Published
2025-04-02T03:37:36Z
Modified
2025-04-02T12:45:22.190695Z
Summary
Security update for warewulf4
Details

This update for warewulf4 fixes the following issues:

warewulf4 was updated from version 4.5.8 to 4.6.0:

  • Security issues fixed for version 4.6.0:

    • CVE-2025-22869: Fixed Denial of Service vulnerability in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322)
    • CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611)
  • User visible changes:

    • Default values in nodes.conf:

      • The default values for the kernel command line, init parameters and root are now set in the default profile, and this profile should be included in every profile. When the update is installed, nodes.conf is upgraded, which updates the database accordingly.
    • Overlay split up:

      • The overlays wwinit and runtime are now split up into different overlays named according to their role. The upgrade process will update the node database and replace the overlays wwinit and runtime with a list of overlays with the same role.
    • Site and distribution overlays:

      • The overlays in /var/lib/warewulf/overlays should not be changed by the user any more. Site-specific overlays are now sorted under /etc/warewulf/overlays. On upgrade, changed overlays are stored with the rpmsave suffix and moved to /etc/warewulf/overlays/$OVERLAYNAME.
  • Other changes and bugs fixed:

    • Fixed udev issue with assigning device names (bsc#1226654)
    • Implemented new package warewulf-reference-doc with the reference documentation for Warewulf 4 as PDF
    • The configuration files nodes.conf and warewulf.conf will be updated on upgrade and the unmodified configuration files will be saved as nodes.conf.4.5.x and warewulf.conf.4.5.x
  • Summary of upstream changes:

    • New configuration upgrade system
    • Changes to the default profile
    • Renamed containers to (node) images
    • New kernel management system
    • Parallel overlay builds
    • Sprig functions in overlay templates
    • Improved network overlays
    • Nested profiles
    • Arbitrary 'resources' data in nodes.conf
    • NFS client configuration in nodes.conf
    • Emphatically optional syncuser
    • Improved network boot observability
    • Particularly significant changes, especially those affecting the user interface, are described in the release notes:

      • https://warewulf.org/docs/v4.6.x/release/v4.6.0.html

Affected packages

SUSE:Linux Enterprise Module for HPC 15 SP6 / warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.0-150500.6.34.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4": "4.6.0-150500.6.34.1",
            "warewulf4-reference-doc": "4.6.0-150500.6.34.1",
            "warewulf4-overlay": "4.6.0-150500.6.34.1",
            "warewulf4-dracut": "4.6.0-150500.6.34.1",
            "warewulf4-overlay-slurm": "4.6.0-150500.6.34.1",
            "warewulf4-man": "4.6.0-150500.6.34.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.0-150500.6.34.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4": "4.6.0-150500.6.34.1",
            "warewulf4-reference-doc": "4.6.0-150500.6.34.1",
            "warewulf4-overlay": "4.6.0-150500.6.34.1",
            "warewulf4-dracut": "4.6.0-150500.6.34.1",
            "warewulf4-overlay-slurm": "4.6.0-150500.6.34.1",
            "warewulf4-man": "4.6.0-150500.6.34.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/suse/warewulf4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.0-150500.6.34.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4": "4.6.0-150500.6.34.1",
            "warewulf4-reference-doc": "4.6.0-150500.6.34.1",
            "warewulf4-overlay": "4.6.0-150500.6.34.1",
            "warewulf4-dracut": "4.6.0-150500.6.34.1",
            "warewulf4-overlay-slurm": "4.6.0-150500.6.34.1",
            "warewulf4-man": "4.6.0-150500.6.34.1"
        }
    ]
}

openSUSE:Leap 15.6 / warewulf4

Package

Name
warewulf4
Purl
pkg:rpm/opensuse/warewulf4&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.6.0-150500.6.34.1

Ecosystem specific

{
    "binaries": [
        {
            "warewulf4": "4.6.0-150500.6.34.1",
            "warewulf4-reference-doc": "4.6.0-150500.6.34.1",
            "warewulf4-overlay": "4.6.0-150500.6.34.1",
            "warewulf4-dracut": "4.6.0-150500.6.34.1",
            "warewulf4-overlay-slurm": "4.6.0-150500.6.34.1",
            "warewulf4-man": "4.6.0-150500.6.34.1"
        }
    ]
}