Today we have released an unscheduled update for Uyuni 2020.09, for 3 security issues
affecting the Salt master and minions:
CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592.
First, a small warning. The current salt on openSUSE Leap 15.1/15.2 fixes the
CVEs already, but contains a regression that breaks onboarding from WebUI and
salt ssh managed minions.
A fix for this is already in the openSUSE queue and should be released soon.
Please make sure you are on the most recent release (2020.09) and use the
following commands on the Uyuni server:
# zypper addrepo
# zypper refresh
# spacewalk-service stop
# zypper update
# spacewalk-service start
This will download the required spacewalk-java and py26-compat-salt packages, as well as
salt from openSUSE Leap 15.2
Proxies and Clients
Just sync your channels on the Uyuni Server for all operating systems, and that
will get the updated salt packages.
Then apply the updates to all your clients as you would do for any other
Pau Garcia Quiles
SUSE Manager Product Owner & Technical Project Manager
SUSE Software Solutions Spain