SUSE-SU-2024:4029-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20244029-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:4029-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:4029-1
Published
2024-11-18T13:29:50Z
Modified
2024-11-18T13:29:50Z
Summary
Security update for SUSE Manager Salt Bundle
Details

This update fixes the following issues:

venv-salt-minion:

  • Security fixes on Python 3.11 interpreter:

    • CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059)
    • CVE-2024-8088: Prevent malformed payloads from causing infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
    • CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
    • CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
    • CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
  • Security fixes on Python dependencies:

    • CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
    • CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
    • CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
    • CVE-2024-37891: urllib3: Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
  • Other bugs fixed:

    • Fixed failing x509 tests with OpenSSL < 1.1
    • Avoid explicit reading of /etc/salt/minion (bsc#1220357)
    • Allow NamedLoaderContexts to be returned from loader
    • Reverted the change making reactor less blocking (bsc#1230322)
    • Use --cachedir for extension_modules in salt-call (bsc#1226141)
    • Prevent using SyncWrapper with no reason
    • Enable post_start_cleanup.sh to work in a transaction
    • Fixed the SELinux context for Salt Minion service (bsc#1219041)
    • Increase warn_until_date date for code we still support
    • Avoid crash on wrong output of systemctl version (bsc#1229539)
    • Improved error handling with different OpenSSL versions
    • Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
    • Use Pygit2 id instead of deprecated oid in gitfs
    • Added passlib Python module to the bundle
Affected packages

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy

Package

Name
saltbundlepy
Purl
pkg:rpm/suse/saltbundlepy&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.11.9-1.26.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-core

Package

Name
saltbundlepy-core
Purl
pkg:rpm/suse/saltbundlepy-core&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.11.9-1.26.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-cryptography

Package

Name
saltbundlepy-cryptography
Purl
pkg:rpm/suse/saltbundlepy-cryptography&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.3.2-1.18.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-docker

Package

Name
saltbundlepy-docker
Purl
pkg:rpm/suse/saltbundlepy-docker&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
7.0.0-1.8.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-idna

Package

Name
saltbundlepy-idna
Purl
pkg:rpm/suse/saltbundlepy-idna&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.4-1.9.2

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-passlib

Package

Name
saltbundlepy-passlib
Purl
pkg:rpm/suse/saltbundlepy-passlib&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.7.4-1.3.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-passlib-test

Package

Name
saltbundlepy-passlib-test
Purl
pkg:rpm/suse/saltbundlepy-passlib-test&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.7.4-1.3.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-setuptools

Package

Name
saltbundlepy-setuptools
Purl
pkg:rpm/suse/saltbundlepy-setuptools&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
67.7.2-1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-urllib3

Package

Name
saltbundlepy-urllib3
Purl
pkg:rpm/suse/saltbundlepy-urllib3&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.0.7-1.12.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / saltbundlepy-zipp

Package

Name
saltbundlepy-zipp
Purl
pkg:rpm/suse/saltbundlepy-zipp&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.15.0-1.9.2

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:EL-9:Update:Products:SaltBundle:Update / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE:EL-9:Update:Products:SaltBundle:Update

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3006.0-1.47.1

Ecosystem specific

{
    "binaries": [
        {
            "saltbundlepy-base": "3.11.9-1.26.1",
            "saltbundlepy-passlib": "1.7.4-1.3.1",
            "saltbundlepy-libs": "3.11.9-1.26.1",
            "saltbundlepy-tools": "3.11.9-1.26.1",
            "saltbundlepy-curses": "3.11.9-1.26.1",
            "saltbundlepy-urllib3": "2.0.7-1.12.1",
            "venv-salt-minion": "3006.0-1.47.1",
            "saltbundlepy-docker": "7.0.0-1.8.1",
            "saltbundlepy-zipp": "3.15.0-1.9.2",
            "saltbundlepy-setuptools": "67.7.2-1.12.1",
            "saltbundlepy-dbm": "3.11.9-1.26.1",
            "saltbundlepy": "3.11.9-1.26.1",
            "saltbundlepy-devel": "3.11.9-1.26.1",
            "saltbundlepy-cryptography": "3.3.2-1.18.1",
            "saltbundlepy-testsuite": "3.11.9-1.26.1",
            "saltbundlepy-idna": "3.4-1.9.2"
        }
    ]
}

SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS / venv-salt-minion

Package

Name
venv-salt-minion
Purl
pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3006.0-1.47.1

Ecosystem specific

{
    "binaries": [
        {
            "venv-salt-minion": "3006.0-1.47.1"
        }
    ]
}