SUSE-SU-2021:3906-1

Source
https://www.suse.com/support/update/announcement/2021/suse-su-20213906-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3906-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:3906-1
Related
Published
2021-12-03T11:04:20Z
Modified
2021-12-03T11:04:20Z
Summary
Security Beta update for Salt
Details

This update fixes the following issues:

salt:

  • Remove wrong parsecpe_name from grains.core
  • Prevent tracebacks if directory for cookie is missing
  • Fix file.find tracebacks with non utf8 file names (bsc#1190114)
  • Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
  • Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
  • Fix traceback.*_exc() calls
  • Fix the regression of docker_container state module
  • Support querying for JSON data in external sql pillar
  • Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)
  • Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
  • Fix python-MarkupSafe dependency (bsc#1189043)
  • Add missing aarch64 to rpm package architectures
  • Consolidate some state requisites (bsc#1188641)
  • Fix failing unit test for systemd
  • Fix error handling in openscap module (bsc#1188647)
  • Better handling of bad public keys from minions (bsc#1189040)
  • Define license macro as doc in spec file if not existing
  • Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
  • Do noop for services states when running systemd in offline mode (bsc#1187787)
  • Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
  • Handle 'master tops' data when states are applied by 'transactional_update' (bsc#1187787)
  • Enhance openscap module: add 'xccdf_eval' call
  • Virt: pass emulator when getting domain capabilities from libvirt
  • Implementation of held/unheld functions for state pkg (bsc#1187813)
  • Fix exception in yumpkg.remove for not installed package
  • Fix save for iptables state module (bsc#1185131)
  • Virt: use /dev/kvm to detect KVM
  • Zypperpkg: improve logic for handling vendorchange flags
  • Add bundled provides for tornado to the spec file
  • Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
  • Add 'python3-pyinotify' as a recommended package for Salt in SUSE/openSUSE distros
  • Check if dpkgnotify is executable (bsc#1186674)
  • Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
  • Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
  • Grains.extra: support old non-intel kernels (bsc#1180650)
  • Fix missing minion returns in batch mode (bsc#1184659)
References

Affected packages