SUSE-SU-2022:3172-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223172-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3172-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3172-1
Upstream
Related
Published
2022-09-08T07:29:45Z
Modified
2025-05-02T04:32:45.269171Z
Summary
Security update for SUSE Manager Salt Bundle
Details

This update fixes the following issues:

venv-salt-minion:

  • Add support for gpgautoimport in zypperpkg module
  • Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
  • Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
  • Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
  • Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
  • Fix possible errors on running post install script if semanage is present on the system, but SELinux is not configured
  • Remove unused imports in the venv wrappers
  • Set VENVPIPTARGET to /var/lib/venv-salt-minion/local to force PIP use it as the destination to install modules
  • Fix ownership of salt thin directory when using the Salt Bundle
  • Set default target for pip from VENVPIPTARGET environment variable
  • Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
  • Save log to logfile with docker.build
  • Use Salt Bundle in dockermod
  • Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
  • Fix PAM auth issue due missing check for PAMACCTMGM return value (CVE-2022-22967) (bsc#1200566)
References

Affected packages

SUSE:Manager Client Tools 15 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3004-150000.3.11.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3004-150000.3.11.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3004-150000.3.11.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3004-150000.3.11.1"
        }
    ]
}

SUSE:Manager Server Module 4.3 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Server%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3004-150000.3.11.1

Ecosystem specific 

{
    "binaries": [
        {
            "venv-salt-minion": "3004-150000.3.11.1"
        }
    ]
}