SUSE-SU-2021:1690-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20211690-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:1690-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:1690-1
Related
Published
2021-05-21T14:42:41Z
Modified
2021-05-21T14:42:41Z
Summary
Security Beta update for Salt
Details

This update fixes the following issues:

salt:

  • Update to Salt release version 3002.2 (jsc#ECO-3212)
  • Drop support for Python2. Obsoletes 'python2-salt' package
  • Virt module updates
    • network: handle missing ipv4 netmask attribute
    • more network support
    • PCI/USB host devices passthrough support
  • Set distro requirement to oldest supported version in requirements/base.txt
  • Bring missing part of async batch implementation back
  • Always require python3-distro (bsc#1182293)
  • Remove deprecated warning that breaks minion execution when 'serveriduse_crc' opts is missing
  • Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
  • Msgpack support for version >= 1.0.0 (bsc#1171257)
  • Fix issue parsing errors in ansiblegate state module
  • Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
  • Transactional_update: detect recursion in the executor
  • Add subpackage salt-transactional-update
  • Remove duplicate directories from specfile
  • Improvements on 'ansiblegate' module (bsc#1185092):
    • New methods: ansible.targets / ansible.discover_playbooks
  • Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
  • Regression fix of salt-ssh on processing targets
  • Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
  • Add notify beacon for Debian/Ubuntu systems
  • Fix zmq bug that causes salt-call to freeze (bsc#1181368)
  • Add core grains support for AlmaLinux
  • Allow vendor change option with zypper
  • Virt: virtual network backports to Salt 3000
  • Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
  • Only require python-certifi for CentOS7
  • Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
  • Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
  • Fix recursion false detection in payload (bsc#1180101)
  • Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
  • Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
  • Always require python-certifi (used by salt.ext.tornado)
  • Exclude SLE 12 from requiring python-certifi
  • Do not crash when unexpected cmd output at listing patches (bsc#1181290)
  • Fix behavior for 'onlyif/unless' when multiple conditions (bsc#1180818)
  • Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
  • Allow extra_filerefs as sanitized kwargs for SSH client
  • Fix errors with virt.update
  • Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
  • Virt: search for grub.xen path
  • Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs
  • Virt UEFI fix: virt.update when efi=True
  • Revert wrong zypper patch to support vendorchanges flags on pkg.install
References

Affected packages