Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2022:1060-1

UNKNOWN

Security update for salt

Published Mar 30, 2022

Modified 3 years ago

Fix available

Details

This update for salt fixes the following issues:

CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)

Affected Packages

SUSE:Enterprise Storage 7python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Enterprise Storage 7salt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSpython3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOSsalt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSpython3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSsalt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Micro 5.0python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Micro 5.0salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Micro 5.0salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Micro 5.0salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Real Time 15 SP2salt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLpython3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-BCLsalt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSpython3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server 15 SP2-LTSSsalt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP2salt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Manager Proxy 4.1salt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Manager Retail Branch Server 4.1salt-zsh-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1python3-salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-api

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-bash-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-cloud

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-doc

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-fish-completion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-master

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-minion

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-proxy

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-ssh

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-standalone-formulas-configuration

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-syndic

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-transactional-update

Fixed in:

3002.2-150200.58.1

SUSE:Manager Server 4.1salt-zsh-completion

Fixed in:

3002.2-150200.58.1

References

REPORThttps://bugzilla.suse.com/1197417 WEBhttps://www.suse.com/security/cve/CVE-2022-22934 WEBhttps://www.suse.com/security/cve/CVE-2022-22935 WEBhttps://www.suse.com/security/cve/CVE-2022-22936 WEBhttps://www.suse.com/security/cve/CVE-2022-22941 ADVISORYhttps://www.suse.com/support/update/announcement/2022/suse-su-20221060-1/

Upstream

CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941

Related

CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941

Ecosystems

SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1

Timeline

PublishedMar 30, 2022

ModifiedMar 30, 2022

SUSE-SU-2022:1060-1 | Mondoo Vulnerability Intelligence