openSUSE-SU-2021:0899-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0899-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0899-1
- Related
- Published
- 2021-06-23T12:34:14Z
- Modified
- 2021-06-23T12:34:14Z
- Summary
- Security update for salt
- Details
-
This update for salt fixes the following issues:
Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)
- Check if dpkgnotify is executable (bsc#1186674)
- Drop support for Python2. Obsoletes
python2-saltpackage (jsc#SLE-18028) - virt module updates
- network: handle missing ipv4 netmask attribute
- more network support
- PCI/USB host devices passthrough support
- Set distro requirement to oldest supported version in requirements/base.txt
- Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382)
- Always require
python3-distro(bsc#1182293) - Remove deprecated warning that breaks minion execution when 'serveriduse_crc' opts is missing
- Fix pkg states when DEB package has 'all' arch
- Do not force beacons configuration to be a list.
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version >= 1.0.0 (bsc#1171257)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Improvements on 'ansiblegate' module (bsc#1185092):
- New methods: ansible.targets / ansible.discover_playbooks
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6E3YAO2VV3WBUS7PMAT26ZYDS3AXW5VL/
- https://bugzilla.suse.com/1171257
- https://bugzilla.suse.com/1176293
- https://bugzilla.suse.com/1179831
- https://bugzilla.suse.com/1181368
- https://bugzilla.suse.com/1182281
- https://bugzilla.suse.com/1182293
- https://bugzilla.suse.com/1182382
- https://bugzilla.suse.com/1185092
- https://bugzilla.suse.com/1185281
- https://bugzilla.suse.com/1186674
- https://www.suse.com/security/cve/CVE-2018-15750
- https://www.suse.com/security/cve/CVE-2018-15751
- https://www.suse.com/security/cve/CVE-2020-11651
- https://www.suse.com/security/cve/CVE-2020-11652
- https://www.suse.com/security/cve/CVE-2020-25592
- https://www.suse.com/security/cve/CVE-2021-25315
- https://www.suse.com/security/cve/CVE-2021-31607
Affected packages
openSUSE:Leap 15.2 / salt
Package
- Name
- salt
- Purl
- purl:rpm/suse/salt&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3002.2-lp152.3.36.1
Ecosystem specific
{
"binaries": [
{
"salt-bash-completion": "3002.2-lp152.3.36.1",
"salt-cloud": "3002.2-lp152.3.36.1",
"salt": "3002.2-lp152.3.36.1",
"python3-salt": "3002.2-lp152.3.36.1",
"salt-ssh": "3002.2-lp152.3.36.1",
"salt-transactional-update": "3002.2-lp152.3.36.1",
"salt-proxy": "3002.2-lp152.3.36.1",
"salt-zsh-completion": "3002.2-lp152.3.36.1",
"salt-standalone-formulas-configuration": "3002.2-lp152.3.36.1",
"salt-syndic": "3002.2-lp152.3.36.1",
"salt-master": "3002.2-lp152.3.36.1",
"salt-doc": "3002.2-lp152.3.36.1",
"salt-api": "3002.2-lp152.3.36.1",
"salt-minion": "3002.2-lp152.3.36.1",
"salt-fish-completion": "3002.2-lp152.3.36.1"
}
]
}