SUSE-SU-2022:1514-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1514-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:1514-1
- Related
- Published
- 2022-05-04T08:18:47Z
- Modified
- 2022-05-04T08:18:47Z
- Summary
- Security Beta update for SUSE Manager Salt Bundle
- Details
-
This update fixes the following issues:
venv-salt-minion:
- Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
- Fixes for Python 3.10
- Fix salt-ssh opts poisoning (bsc#1197637)
- Fix multiple security issues (bsc#1197417)
- CVE-2022-22935: Sign authentication replies to prevent MiTM.
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
- CVE-2022-22936: Prevent job and fileserver replays.
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
- Salt version bump to 3004
- Python version bump to 3.10.2
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20221514-1/
- https://bugzilla.suse.com/1197417
- https://bugzilla.suse.com/1197637
- https://bugzilla.suse.com/1198556
- https://www.suse.com/security/cve/CVE-2022-22934
- https://www.suse.com/security/cve/CVE-2022-22935
- https://www.suse.com/security/cve/CVE-2022-22936
- https://www.suse.com/security/cve/CVE-2022-22941