This update fixes the following issues:
venv-salt-minion:
- Fix the regression caused by the patch removing strict requirement for
OpenSSL 1.1.1 leading to read/write issues with ssl module for
SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
- Fixes for Python 3.10
- Fix salt-ssh opts poisoning (bsc#1197637)
- Fix multiple security issues (bsc#1197417)
- CVE-2022-22935: Sign authentication replies to prevent MiTM
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
- CVE-2022-22936: Prevent job and fileserver replays.
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
- Salt version bump to 3004
- Python version bump to 3.10.2
- CVE-2022-24302: unauthorized information disclosure for python-paramiko.
- CVE-2021-28957: XSS due to missing input sanitization in python-lxml.
- CVE-2018-19787: XSS attacks due to missing URLs sanitization in python-lxml.
- Security Fix: (bsc#1196249, bsc#1196877, CVE-2022-0778)
- Allow CRYPTOTHREADIDset_callback to be called with NULL parameter
- Infinite loop in BNmodsqrt() reachable when parsing certificates