SUSE-SU-2026:1012-1

Description of the patch:

This update fixes the following issues:

venv-salt-minion:

• Security issues fixed:

  • CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
  • CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
  • CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
  • CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
  • CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
  • CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)

• Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)

• Use internal deb classes instead of external aptsource lib

• Improved performance of wheel key.finger call (bsc#1240532)

• Improved performance of utils.find_json function (bsc#1246130)

• Extended warn_until period to 2027