SUSE-SU-2023:4386-1

UNKNOWN

Security update for salt

Published Nov 9, 2023

Modified 2 years ago

Fix available

Details

This update for salt fixes the following issues:

Security issues fixed:

CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)

Bugs fixed:

Fix optimization_order opt to prevent testsuite fails
Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
Use salt-call from salt bundle with transactional_update
Only call native_str on curl_debug message in tornado when needed
Implement the calling for batch async from the salt CLI
Fix calculation of SLS context vars when trailing dots on targetted sls/state (bsc#1213518)
Rename salt-tests to python3-salt-testsuite
Allow all primitive grain types for autosign_grains (bsc#1214477)

Affected Packages(15 packages)

python3-salt

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.24.2

salt

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5SUSE Linux Enterprise Module for Server Applications 15 SP5SUSE Linux Enterprise Module for Transactional Server 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.24.2

salt-minion

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.24.2

salt-transactional-update

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Transactional Server 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.24.2

salt-bash-completion

SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5