SUSE-SU-2020:3155-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203155-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3155-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3155-1
Related
Published
2020-11-04T13:44:16Z
Modified
2020-11-04T13:44:16Z
Summary
Security update for salt
Details

This update for salt fixes the following issues:

  • Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)
  • Fix disk.blkid to avoid unexpected keyword argument '_pubuser'. (bsc#1177867)
  • Ensure virt.update stoponreboot is updated with its default value.
  • Do not break package building for systemd OSes.
  • Drop wrong mock from chroot unit test.
  • Support systemd versions with dot. (bsc#1176294)
  • Fix for grains.test_core unit test.
  • Fix file/directory user and group ownership containing UTF-8 characters. (bsc#1176024)
  • Several changes to virtualization:
    • Fix virt update when cpu and memory are changed.
    • Memory Tuning GSoC.
    • Properly fix memory setting regression in virt.update.
    • Expose libvirt on_reboot in virt states.
  • Support transactional systems (MicroOS).
  • zypperpkg module ignores retcode 104 for search(). (bsc#1159670)
  • Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk. (bsc#1175987)
  • Invalidate file list cache when cache file modified time is in the future. (bsc#1176397)
  • Prevent import errors when running test_btrfs unit tests.
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP2 / salt

Package

Name
salt
Purl
purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3000-4.20.1

Ecosystem specific

{
    "binaries": [
        {
            "python3-salt": "3000-4.20.1",
            "salt-zsh-completion": "3000-4.20.1",
            "salt-doc": "3000-4.20.1",
            "salt-bash-completion": "3000-4.20.1",
            "salt-minion": "3000-4.20.1",
            "salt": "3000-4.20.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Python 2 15 SP2 / salt

Package

Name
salt
Purl
purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3000-4.20.1

Ecosystem specific

{
    "binaries": [
        {
            "python2-salt": "3000-4.20.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP2 / salt

Package

Name
salt
Purl
purl:rpm/suse/salt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3000-4.20.1

Ecosystem specific

{
    "binaries": [
        {
            "salt-cloud": "3000-4.20.1",
            "salt-standalone-formulas-configuration": "3000-4.20.1",
            "salt-syndic": "3000-4.20.1",
            "salt-ssh": "3000-4.20.1",
            "salt-master": "3000-4.20.1",
            "salt-api": "3000-4.20.1",
            "salt-proxy": "3000-4.20.1",
            "salt-fish-completion": "3000-4.20.1"
        }
    ]
}