CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265)
Affected Packages(15 packages)
python3-salt
SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Module for Basesystem 15 SP3
Fixed in:
3002.2-50.1.15.1
salt
SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Module for Basesystem 15 SP3SUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Module for Transactional Server 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-minion
SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Module for Basesystem 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-transactional-update
SUSE Linux Enterprise Micro 5.1SUSE Linux Enterprise Module for Transactional Server 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-bash-completion
SUSE Linux Enterprise Module for Basesystem 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-doc
SUSE Linux Enterprise Module for Basesystem 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-zsh-completion
SUSE Linux Enterprise Module for Basesystem 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-api
SUSE Linux Enterprise Module for Server Applications 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-cloud
SUSE Linux Enterprise Module for Server Applications 15 SP3
Fixed in:
3002.2-50.1.15.1
salt-fish-completion
SUSE Linux Enterprise Module for Server Applications 15 SP3