Hello Today we have released an unscheduled update for Uyuni 2020.09, for 3 security issues affecting the Salt master and minions: CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592. First, a small warning. The current salt on openSUSE Leap 15.1/15.2 fixes the CVEs already, but contains a regression that breaks onboarding from WebUI and salt ssh managed minions. A fix for this is already in the openSUSE queue and should be released soon. Server ====== Please make sure you are on the most recent release (2020.09) and use the following commands on the Uyuni server: # zypper addrepo https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:... # zypper refresh # spacewalk-service stop # zypper update # spacewalk-service start This will download the required spacewalk-java and py26-compat-salt packages, as well as salt from openSUSE Leap 15.2 Proxies and Clients =================== Just sync your channels on the Uyuni Server for all operating systems, and that will get the updated salt packages. Then apply the updates to all your clients as you would do for any other security updates. More information ================ https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclos... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16846/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25592/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17490/ Thank you Pau Garcia Quiles SUSE Manager Product Owner & Technical Project Manager SUSE Software Solutions Spain