Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2018:3862-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2018:3862-1

UNKNOWN

Security update for salt

Published Nov 22, 2018

Modified 7 years ago

Fix available

Details

This update for salt fixes the following issues:

Security issues fixed:

CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).

Non-security issues fixed:

Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
Fix async call to process manager (bsc#1110938).
Fixed OS arch detection when RPM is not installed (bsc#1114197).

Affected Packages(13 packages)

python2-salt

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Linux Enterprise Point of Sale 12 SP2SUSE Manager Client Tools 12SUSE Manager Proxy 3.0SUSE Manager Proxy 3.1

Fixed in:

2018.3.0-46.44.1

salt

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Linux Enterprise Point of Sale 12 SP2SUSE Manager Client Tools 12SUSE Manager Proxy 3.0SUSE Manager Proxy 3.1

Fixed in:

2018.3.0-46.44.1

salt-api

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

salt-bash-completion

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

salt-cloud

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

salt-doc

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Client Tools 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1

Fixed in:

2018.3.0-46.44.1

salt-master

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

salt-minion

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Linux Enterprise Point of Sale 12 SP2SUSE Manager Client Tools 12SUSE Manager Proxy 3.0SUSE Manager Proxy 3.1

Fixed in:

2018.3.0-46.44.1

salt-proxy

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

salt-ssh

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Proxy 3.0SUSE Manager Server 3.0SUSE Manager Server 3.1SUSE Manager Server 3.2

Fixed in:

2018.3.0-46.44.1

Timeline

PublishedNov 22, 2018

ModifiedNov 22, 2018

SUSE-SU-2018:3862-1

Details

Affected Packages(13 packages)

References

Upstream

Related

Ecosystems(9)

Timeline