SUSE-SU-2024:1518-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20241518-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1518-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:1518-1
Related
  • CVE-2024-22231
  • CVE-2024-22232
Published
2024-05-06T09:49:26Z
Modified
2025-05-02T04:36:26.348491Z
Upstream
  • CVE-2024-22231
  • CVE-2024-22232
Summary
Security update for SUSE Manager Salt Bundle
Details

This update fixes the following issues:

venv-salt-minion:

  • Security issues fixed:

    • CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)
    • CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)
  • Bugs fixed:

    • Convert oscap output to UTF-8
    • Make Salt compatible with Python 3.11
    • Ignore non-ASCII chars in oscap output (bsc#1219001)
    • Fix detected issues in Salt tests when running on VMs
    • Make importing seco.range thread safe (bsc#1211649)
    • Fix problematic tests and allow smooth test execution on containers
    • Discover Ansible playbook files as '.yml' or '.yaml' files (bsc#1211888)
    • Prevent exceptions with fileserver.update when called via state (bsc#1218482)
    • Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
    • Fixed KeyError in logs when running a state that fails
References

Affected packages

SUSE:Manager Client Tools 15 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3006.0-150000.3.54.3

Ecosystem specific

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-150000.3.54.3"
        }
    ]
}

SUSE:Manager Client Tools for SLE Micro 5 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3006.0-150000.3.54.3

Ecosystem specific

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-150000.3.54.3"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3006.0-150000.3.54.3

Ecosystem specific

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-150000.3.54.3"
        }
    ]
}

SUSE:Manager Server Module 4.3 / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Server%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3006.0-150000.3.54.3

Ecosystem specific

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-150000.3.54.3"
        }
    ]
}