openSUSE-SU-2017:2822-1: moderate: Security update for salt
- From: opensuse-security@xxxxxxxxxxxx
- Date: Sat, 21 Oct 2017 00:12:52 +0200 (CEST)
- Message-id: <20171020221252.8A0D6FC69@maintenance.suse.de>
openSUSE Security Update: Security update for salt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2017:2822-1
Rating: moderate
References: #1020831 #1022562 #1022841 #1023535 #1027722
#1030009 #1030073 #1032213 #1032452 #1032931
#1035914 #1036125 #1038855 #1040886 #1042749
#1043111 #1052264 #1053955 #1059758 #1061407
#1062462 #1062464 #985112
Cross-References: CVE-2017-12791 CVE-2017-14695 CVE-2017-14696
Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________
An update that solves three vulnerabilities and has 20
fixes is now available.
Description:
Salt was updated to 2017.7.2, and various bugs and security issues were
fixed.
See the following resources for the full changelog:
https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html
Security issues fixed:
- CVE-2017-14695: A directory traversal during minion id validation was
fixed. (boo#1062462)
- CVE-2017-14696: A remote denial of service attack with a specially
crafted authentication request was fixed. (boo#1062464)
- CVE-2017-12791: A crafted minion ID could lead to directory traversal on
the Salt master. (boo#1053955)
Non security issues fixed:
- Add possibility to generate _version.py at the build time for raw
builds: https://github.com/saltstack/salt/pull/43955
- Fix salt target-type field returns "String" for existing jids but an
empty "Array" for non existing jids. (issue #1711)
- Fixed minion resource exhaustion when many functions are being executed
in parallel (boo#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older versions
of systemd (boo#985112)
- Provide custom SUSE salt-master.service file.
- Fix wrong version reported by Salt (boo#1061407)
- list_pkgs: add parameter for returned attribute selection (boo#1052264)
- Adding the leftover for zypper and yum list_pkgs functionality.
- Use $HOME to get the user home directory instead of using the '~' char
(boo#1042749)
- fix ownership for whole master cache directory (boo#1035914)
- fix setting the language on SUSE systems (boo#1038855)
- wrong os_family grains on SUSE - fix unittests (boo#1038855)
- speed-up cherrypy by removing sleep call
- Disable 3rd party runtime packages to be explicitly recommended.
(boo#1040886)
- fix format error (boo#1043111)
- Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to
restart salt-minion in case of crashes during upgrade.
- Add procps as dependency.
- Bugfix: jobs scheduled to run at a future time stay pending for Salt
minions (boo#1036125)
- Wrong os_family grains on SUSE - fix unittests. (boo#1038855)
- Fix setting the language on SUSE systems. (boo#1038855)
- Bugfix: unable to use hostname for minion ID as '127'. (upstream)
- Bugfix: remove sleep call in CherryPy API handler. (upstream)
- Fix core grains constants for timezone. (boo#1032931)
- Prevents zero length error on Python 2.6.
- Fixes zypper test error after backporting.
- Refactoring on Zypper and Yum execution and state modules to allow
installation of patches/errata.
- Allows to set 'timeout' and 'gather_job_timeout' via kwargs.
- Add missing bootstrap script for Salt Cloud. (boo#1032452)
- raet protocol is no longer supported. (boo#1020831)
- Fix: add missing /var/cache/salt/cloud directory. (boo#1032213)
- Cleanup salt user environment preparation. (boo#1027722)
- Fix: race condition on cache directory creation.
- Fix: /var/log/salt/minion fails logrotate. (boo#1030009)
- Fix: Result of master_tops extension is mutually overwritten.
(boo#1030073)
- Allows to set custom timeouts for 'manage.up' and 'manage.status'.
- Keep fix for migrating salt home directory. (boo#1022562)
- Fix salt-minion update on RHEL. (boo#1022841)
- Prevents 'OSError' exception in case certain job cache path doesn't
exist. (boo#1023535)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-1183=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.2 (x86_64):
salt-2017.7.2-5.3.1
salt-api-2017.7.2-5.3.1
salt-cloud-2017.7.2-5.3.1
salt-doc-2017.7.2-5.3.1
salt-master-2017.7.2-5.3.1
salt-minion-2017.7.2-5.3.1
salt-proxy-2017.7.2-5.3.1
salt-ssh-2017.7.2-5.3.1
salt-syndic-2017.7.2-5.3.1
- openSUSE Leap 42.2 (noarch):
salt-bash-completion-2017.7.2-5.3.1
salt-fish-completion-2017.7.2-5.3.1
salt-zsh-completion-2017.7.2-5.3.1
References:
https://www.suse.com/security/cve/CVE-2017-12791.html
https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://bugzilla.suse.com/1020831
https://bugzilla.suse.com/1022562
https://bugzilla.suse.com/1022841
https://bugzilla.suse.com/1023535
https://bugzilla.suse.com/1027722
https://bugzilla.suse.com/1030009
https://bugzilla.suse.com/1030073
https://bugzilla.suse.com/1032213
https://bugzilla.suse.com/1032452
https://bugzilla.suse.com/1032931
https://bugzilla.suse.com/1035914
https://bugzilla.suse.com/1036125
https://bugzilla.suse.com/1038855
https://bugzilla.suse.com/1040886
https://bugzilla.suse.com/1042749
https://bugzilla.suse.com/1043111
https://bugzilla.suse.com/1052264
https://bugzilla.suse.com/1053955
https://bugzilla.suse.com/1059758
https://bugzilla.suse.com/1061407
https://bugzilla.suse.com/1062462
https://bugzilla.suse.com/1062464
https://bugzilla.suse.com/985112