SUSE-SU-2022:1060-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:1060-1

UNKNOWN

Security update for salt

Published Mar 30, 2022

Modified 3 years ago

Fix available

Details

This update for salt fixes the following issues:

CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)

Affected Packages(15 packages)

python3-salt

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Micro 5.0SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3002.2-150200.58.1

salt

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Micro 5.0SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3002.2-150200.58.1

salt-api

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-bash-completion

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-cloud

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-doc

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-fish-completion

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-master

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

salt-minion

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Micro 5.0SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

3002.2-150200.58.1

salt-proxy

SUSE Enterprise Storage 7SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise Real Time 15 SP2SUSE Linux Enterprise Server 15 SP2-BCL

Fixed in:

3002.2-150200.58.1

References

https://bugzilla.suse.com/1197417

https://www.suse.com/security/cve/CVE-2022-22934

https://www.suse.com/security/cve/CVE-2022-22935

https://www.suse.com/security/cve/CVE-2022-22936

https://www.suse.com/security/cve/CVE-2022-22941

https://www.suse.com/support/update/announcement/2022/suse-su-20221060-1/

Upstream

CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941

Related

CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941

Ecosystems(11)

SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Real Time 15 SP2

Timeline

PublishedMar 30, 2022

ModifiedMar 30, 2022