SUSE-SU-2024:0510-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2024:0510-1

UNKNOWN

Security update for salt

Published Feb 15, 2024

Modified 2 years ago

Fix available

Details

This update for salt fixes the following issues:

Security issues fixed:

CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)
CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)

Bugs fixed:

Ensure that pillar refresh loads beacons from pillar without restart
Fix the aptpkg.py unit test failure
Prefer unittest.mock to python-mock in test suite
Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
Revert changes to set Salt configured user early in the stack (bsc#1216284)
Align behavior of some modules when using salt-call via symlink (bsc#1215963)
Fix gitfs 'env' and improve cache cleaning (bsc#1193948)
Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed

Affected Packages(15 packages)

python3-salt

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.29.1

salt

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5SUSE Linux Enterprise Module for Server Applications 15 SP5SUSE Linux Enterprise Module for Transactional Server 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.29.1

salt-minion

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.29.1

salt-transactional-update

SUSE Linux Enterprise Micro 5.5SUSE Linux Enterprise Module for Transactional Server 15 SP5openSUSE Leap 15.5

Fixed in:

3006.0-150500.4.29.1

salt-bash-completion

SUSE Linux Enterprise Module for Basesystem 15 SP5openSUSE Leap 15.5