SUSE-SU-2017:3380-1
- Source
- https://www.suse.com/support/update/announcement/2017/suse-su-20173380-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:3380-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2017:3380-1
- Upstream
- Related
- Published
- 2017-12-20T11:13:24Z
- Modified
- 2025-05-02T04:06:26.279229Z
- Summary
- Security update for Salt
- Details
-
This update for salt fixes one security issue and bugs.
The following security issues have been fixed:
- CVE-2017-14695: A directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. (bsc#1062462)
- CVE-2017-14696: It was possible to force a remote Denial of Service with a specially crafted authentication request. (bsc#1062464)
Additionally, the following non-security issues have been fixed:
- Removed deprecation warning for beacon configuration using dictionaries. (bsc#1041993)
- Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230)
- Fixed minion resource exhaustion when many functions are being executed in parallel. (bsc#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older versions of systemd. (bsc#985112)
- Fix for delete_deployment in Kubernetes module. (bsc#1059291)
- Catching error when PIDfile cannot be deleted. (bsc#1050003)
- Use $HOME to get the user home directory instead using '~' char. (bsc#1042749)
- References
-
- https://www.suse.com/support/update/announcement/2017/suse-su-20173380-1/
- https://bugzilla.suse.com/1041993
- https://bugzilla.suse.com/1042749
- https://bugzilla.suse.com/1050003
- https://bugzilla.suse.com/1059291
- https://bugzilla.suse.com/1059758
- https://bugzilla.suse.com/1060230
- https://bugzilla.suse.com/1062462
- https://bugzilla.suse.com/1062464
- https://bugzilla.suse.com/985112
- https://www.suse.com/security/cve/CVE-2017-14695
- https://www.suse.com/security/cve/CVE-2017-14696
Affected packages
SUSE:Enterprise Storage 3
salt
SUSE:Enterprise Storage 4
salt
SUSE:Enterprise Storage 5
salt
SUSE:Linux Enterprise Module for Advanced Systems Management 12
salt
Package
- Name
- salt
- Purl
- pkg:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2016.11.4-46.10.1
Ecosystem specific
{
"binaries": [
{
"salt-cloud": "2016.11.4-46.10.1",
"salt-zsh-completion": "2016.11.4-46.10.1",
"salt-api": "2016.11.4-46.10.1",
"salt-bash-completion": "2016.11.4-46.10.1",
"salt-ssh": "2016.11.4-46.10.1",
"salt-proxy": "2016.11.4-46.10.1",
"salt-doc": "2016.11.4-46.10.1",
"salt-master": "2016.11.4-46.10.1",
"salt-minion": "2016.11.4-46.10.1",
"salt-syndic": "2016.11.4-46.10.1",
"salt": "2016.11.4-46.10.1"
}
]
}SUSE:Linux Enterprise Point of Sale 12 SP2
salt
SUSE:Manager Client Tools 12
salt
SUSE:Manager Proxy 3.0
salt
Package
- Name
- salt
- Purl
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Proxy%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2016.11.4-46.10.1
Ecosystem specific
{
"binaries": [
{
"salt-zsh-completion": "2016.11.4-46.10.1",
"salt-api": "2016.11.4-46.10.1",
"salt-bash-completion": "2016.11.4-46.10.1",
"salt-ssh": "2016.11.4-46.10.1",
"salt-proxy": "2016.11.4-46.10.1",
"salt-doc": "2016.11.4-46.10.1",
"salt-master": "2016.11.4-46.10.1",
"salt-minion": "2016.11.4-46.10.1",
"salt-syndic": "2016.11.4-46.10.1",
"salt": "2016.11.4-46.10.1"
}
]
}SUSE:Manager Proxy 3.1
salt
SUSE:Manager Server 3.0
salt
Package
- Name
- salt
- Purl
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2016.11.4-46.10.1
Ecosystem specific
{
"binaries": [
{
"salt-zsh-completion": "2016.11.4-46.10.1",
"salt-api": "2016.11.4-46.10.1",
"salt-bash-completion": "2016.11.4-46.10.1",
"salt-ssh": "2016.11.4-46.10.1",
"salt-proxy": "2016.11.4-46.10.1",
"salt-doc": "2016.11.4-46.10.1",
"salt-master": "2016.11.4-46.10.1",
"salt-minion": "2016.11.4-46.10.1",
"salt-syndic": "2016.11.4-46.10.1",
"salt": "2016.11.4-46.10.1"
}
]
}SUSE:Manager Server 3.1
salt
Package
- Name
- salt
- Purl
- pkg:rpm/suse/salt&distro=SUSE%20Manager%20Server%203.1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2016.11.4-46.10.1
Ecosystem specific
{
"binaries": [
{
"salt-cloud": "2016.11.4-46.10.1",
"salt-zsh-completion": "2016.11.4-46.10.1",
"salt-api": "2016.11.4-46.10.1",
"salt-bash-completion": "2016.11.4-46.10.1",
"salt-ssh": "2016.11.4-46.10.1",
"salt-proxy": "2016.11.4-46.10.1",
"salt-doc": "2016.11.4-46.10.1",
"salt-master": "2016.11.4-46.10.1",
"salt-minion": "2016.11.4-46.10.1",
"salt-syndic": "2016.11.4-46.10.1",
"salt": "2016.11.4-46.10.1"
}
]
}