SUSE-SU-2021:3550-1

Details

This update fixes the following issues:

salt:

Fix the regression of docker_container state module
Support querying for JSON data in external sql pillar
Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)
Fix wrong relative paths resolution with Jinja renderer when importing subdirectories

Affected Packages(14 packages)

python2-salt

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Client Tools 12

Fixed in:

3000-46.151.2

salt

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Client Tools 12

Fixed in:

3000-46.151.2

salt-api

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

salt-bash-completion

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

salt-cloud

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

salt-doc

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Client Tools 12

Fixed in:

3000-46.151.2

salt-master

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

salt-minion

SUSE Linux Enterprise Module for Advanced Systems Management 12SUSE Manager Client Tools 12

Fixed in:

3000-46.151.2

salt-proxy

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

salt-ssh

SUSE Linux Enterprise Module for Advanced Systems Management 12

Fixed in:

3000-46.151.2

References

REPORT

https://bugzilla.suse.com/1190265

WEB

https://www.suse.com/security/cve/CVE-2021-21996

ADVISORY

https://www.suse.com/support/update/announcement/2021/suse-su-20213550-1/