Mailinglist Archive: opensuse-updates (127 mails)

openSUSE-SU-2017:2383-1: moderate: Security update for salt
openSUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2383-1
Rating: moderate
References: #1035914 #1036125 #1038855 #1040886 #1043111
#1053955
Cross-References: CVE-2017-12791
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has 5 fixes is
now available.

Description:

This update for salt fixes the following issues:

- Update to 2017.7.1. See
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html for
the full changelog.
- CVE-2017-12791: a crafted minion ID could lead to directory traversal on
the Salt-master (boo#1053955)


- Run fdupes over all of /usr because it still warns about duplicate
files. Remove ancient suse_version > 1020 conditional.
- Replace unnecessary %__ indirections. Use grep -q in favor of >/dev/null.
- Avoid bashisms in %pre.

- Update to 2017.7.0. See
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html for
the full changelog.
- fix ownership for whole master cache directory (boo#1035914)
- fix setting the language on SUSE systems (boo#1038855)
- wrong os_family grains on SUSE - fix unittests (boo#1038855)
- speed-up cherrypy by removing sleep call
- Disable 3rd party runtime packages to be explicitly recommended.
(boo#1040886)
- fix format error (boo#1043111)
- Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to
restart salt-minion in case of crashes during upgrade.
- Add procps as dependency.
- Bugfix: jobs scheduled to run at a future time stay pending for Salt
minions (boo#1036125)
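
A defensive check for the bug class behind CVE-2017-12791, added here as an example; it is not part of the advisory and not Salt's own fix. It flags minion IDs (for example the names listed by salt-key -L) that would not resolve to a file directly inside the master's key directories. The path /etc/salt/pki/master, the function names and the sample IDs are assumptions made for illustration.

```python
import os

# Assumption: default master key directory; use the pki_dir from your master config.
PKI_DIR = "/etc/salt/pki/master"
# Subdirectories in which the master stores one key file per minion ID.
KEY_SUBDIRS = ("minions", "minions_pre", "minions_rejected", "minions_denied")


def id_problems(minion_id, pki_dir=PKI_DIR):
    """Return the reasons an ID is unsafe as a key file name (empty list = OK)."""
    if not minion_id:
        return ["empty"]
    if "\0" in minion_id:
        return ["NUL byte"]  # stop here: path functions reject NUL
    problems = []
    if "/" in minion_id or "\\" in minion_id:
        problems.append("path separator")
    for sub in KEY_SUBDIRS:
        base = os.path.realpath(os.path.join(pki_dir, sub))
        target = os.path.realpath(os.path.join(base, minion_id))
        # A safe ID names a file directly inside the key directory.
        if os.path.dirname(target) != base:
            problems.append("escapes key directory")
            break
    return problems


def audit(minion_ids, pki_dir=PKI_DIR):
    """Map each suspicious ID to its list of problems."""
    report = {}
    for mid in minion_ids:
        found = id_problems(mid, pki_dir)
        if found:
            report[mid] = found
    return report


# Constructed sample IDs (not taken from any real system).
SAMPLE_IDS = ["web01.example.com", "db-02", "../../../../tmp/x",
              "..", "a/../b", "bad\0id"]

if __name__ == "__main__":
    for mid, why in audit(SAMPLE_IDS).items():
        print(repr(mid), "->", ", ".join(why))
```

The ID "a/../b" resolves inside the key directory yet is still flagged for its separator, which is why the character check and the containment check are both kept.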


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1016=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.3 (noarch):

salt-bash-completion-2017.7.1-11.1
salt-fish-completion-2017.7.1-11.1
salt-zsh-completion-2017.7.1-11.1

- openSUSE Leap 42.3 (x86_64):

salt-2017.7.1-11.1
salt-api-2017.7.1-11.1
salt-cloud-2017.7.1-11.1
salt-doc-2017.7.1-11.1
salt-master-2017.7.1-11.1
salt-minion-2017.7.1-11.1
salt-proxy-2017.7.1-11.1
salt-ssh-2017.7.1-11.1
salt-syndic-2017.7.1-11.1


References:

https://www.suse.com/security/cve/CVE-2017-12791.html
https://bugzilla.suse.com/1035914
https://bugzilla.suse.com/1036125
https://bugzilla.suse.com/1038855
https://bugzilla.suse.com/1040886
https://bugzilla.suse.com/1043111
https://bugzilla.suse.com/1053955

