openSUSE Security Update: Security update for salt ______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2383-1 Rating: moderate References: #1035914 #1036125 #1038855 #1040886 #1043111 #1053955 Cross-References: CVE-2017-12791 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________
An update that solves one vulnerability and has 5 fixes is now available.
Description:
This update for salt fixes the following issues:
- Update to 2017.7.1 See https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html for full changelog - CVE-2017-12791: crafted minion ID could lead directory traversal on the Salt-master (boo#1053955)
- Run fdupes over all of /usr because it still warns about duplicate files. Remove ancient suse_version > 1020 conditional. - Replace unnecessary %__ indirections. Use grep -q in favor of >/dev/null. - Avoid bashisms in %pre.
- Update to 2017.7.0 See https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html for full changelog - fix ownership for whole master cache directory (boo#1035914) - fix setting the language on SUSE systems (boo#1038855) - wrong os_family grains on SUSE - fix unittests (boo#1038855) - speed-up cherrypy by removing sleep call - Disable 3rd party runtime packages to be explicitly recommended. (boo#1040886) - fix format error (boo#1043111) - Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade. - Add procps as dependency. - Bugfix: jobs scheduled to run at a future time stay pending for Salt minions (boo#1036125)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2017-1016=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.3 (noarch):
salt-bash-completion-2017.7.1-11.1 salt-fish-completion-2017.7.1-11.1 salt-zsh-completion-2017.7.1-11.1
- openSUSE Leap 42.3 (x86_64):
salt-2017.7.1-11.1 salt-api-2017.7.1-11.1 salt-cloud-2017.7.1-11.1 salt-doc-2017.7.1-11.1 salt-master-2017.7.1-11.1 salt-minion-2017.7.1-11.1 salt-proxy-2017.7.1-11.1 salt-ssh-2017.7.1-11.1 salt-syndic-2017.7.1-11.1
References:
https://www.suse.com/security/cve/CVE-2017-12791.html https://bugzilla.suse.com/1035914 https://bugzilla.suse.com/1036125 https://bugzilla.suse.com/1038855 https://bugzilla.suse.com/1040886 https://bugzilla.suse.com/1043111 https://bugzilla.suse.com/1053955