SB2026022561 - SUSE update for Security update 5.1.2 for Multi-Linux Manager Client Tools

Security Bulletin ID SB2026022561

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Interpretation conflict (CVE-ID: CVE-2025-12816)

The vulnerability allows a remote attacker to bypass downstream cryptographic verification and security decisions.

The vulnerability exists due to incorrect validation of ASN.1 structures within the asn1.validate() function in forge/lib/asn1.js. A remote non-authenticated attacker can use specially crafted ASN.1 structures to desynchronize DER schema validations and bypass downstream cryptographic verification and security decisions.

2) Uncontrolled recursion (CVE-ID: CVE-2025-68156)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to uncontrolled recursion within the flatten, min, max, mean, and median function. A remote attacker can pass specially crafted input to the application and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260630-1/

SB2026022561 - SUSE update for Security update 5.1.2 for Multi-Linux Manager Client Tools

Breakdown by Severity

Description

Remediation

References

Please verify you're human