SUSE-SU-2020:0684-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0684-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2020:0684-1
- Related
- Published
- 2020-03-13T12:42:49Z
- Modified
- 2020-03-13T12:42:49Z
- Summary
- Security update for salt
- Details
-
This update for salt fixes the following issues:
- Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897)
- Fix unit tests failures in testbatchasync tests
- Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)
- RHEL/CentOS 8 uses platform-python instead of python3
- New configuration option for selection of grains in the minion start event.
- Fix 'os_family' grain for Astra Linux Common Edition
- Fix for salt-api NET API where unauthenticated attacker could run arbitrary code (CVE-2019-17361) (bsc#1162504)
- Adds disabled parameter to mod_repo in aptpkg module Move token with atomic operation Bad API token files get deleted (bsc#1160931)
- Support for Btrfs and XFS in parted and mkfs added
- Adds listdownloaded for apt Module to enable pre-downloading support Adds virt.(pool|network)get_xml functions
- Various libvirt updates:
- Add virt.poolcapabilities function
- virt.poolrunning improvements
- Add virt.pooldeleted state
- virt.networkdefine allow adding IP configuration
- virt: adding kernel boot parameters to libvirt xml
- Fix to scheduler when data['run'] does not exist (bsc#1159118)
- Fix virt states to not fail on VMs already stopped
- Fix applying of attributes for returner rawfile_json (bsc#1158940)
- xfs: do not fail if type is not present (bsc#1153611)
- Fix errors when running virt.get_hypervisor function
- Align virt.full_info fixes with upstream Salt
- Fix for log checking in x509 test
- Read repo info without using interpolation (bsc#1135656)
- Limiting M2Crypto to >= SLE15
- Replacing pycrypto with M2Crypto (bsc#1165425)
- References
-
- https://www.suse.com/support/update/announcement/2020/suse-su-20200684-1/
- https://bugzilla.suse.com/1135656
- https://bugzilla.suse.com/1153611
- https://bugzilla.suse.com/1157465
- https://bugzilla.suse.com/1158940
- https://bugzilla.suse.com/1159118
- https://bugzilla.suse.com/1160931
- https://bugzilla.suse.com/1162327
- https://bugzilla.suse.com/1162504
- https://bugzilla.suse.com/1165425
- https://www.suse.com/security/cve/CVE-2019-17361
- https://www.suse.com/security/cve/CVE-2019-18897
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP1 / salt
Package
- Name
- salt
- Purl
- purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
SUSE:Linux Enterprise Module for Python 2 15 SP1 / salt
Package
- Name
- salt
- Purl
- purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1
SUSE:Linux Enterprise Module for Server Applications 15 SP1 / salt
Package
- Name
- salt
- Purl
- purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.2.0-6.24.1
Ecosystem specific
{
"binaries": [
{
"salt-cloud": "2019.2.0-6.24.1",
"salt-standalone-formulas-configuration": "2019.2.0-6.24.1",
"salt-syndic": "2019.2.0-6.24.1",
"salt-ssh": "2019.2.0-6.24.1",
"salt-master": "2019.2.0-6.24.1",
"salt-api": "2019.2.0-6.24.1",
"salt-proxy": "2019.2.0-6.24.1",
"salt-fish-completion": "2019.2.0-6.24.1"
}
]
}