openSUSE-SU-2017:2822-1: moderate: Security update for salt
openSUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2822-1
Rating: moderate
References: #1020831 #1022562 #1022841 #1023535 #1027722
#1030009 #1030073 #1032213 #1032452 #1032931
#1035914 #1036125 #1038855 #1040886 #1042749
#1043111 #1052264 #1053955 #1059758 #1061407
#1062462 #1062464 #985112
Cross-References: CVE-2017-12791 CVE-2017-14695 CVE-2017-14696

Affected Products:
openSUSE Leap 42.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 20
fixes is now available.

Description:

This update brings Salt to 2017.7.2 and also fixes various bugs and security
issues.

See the following resources for the full changelog:
https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html

Security issues fixed:

- CVE-2017-14695: A directory traversal during minion id validation was
fixed. (boo#1062462)
- CVE-2017-14696: A remote denial of service attack with a specially
crafted authentication request was fixed. (boo#1062464)
- CVE-2017-12791: A crafted minion ID could lead to directory traversal on
the Salt-master. (boo#1053955)

Non security issues fixed:

- Add possibility to generate _version.py at the build time for raw
builds: https://github.com/saltstack/salt/pull/43955
- Fix salt target-type field returns "String" for existing jids but an
empty "Array" for non existing jids. (issue #1711)
- Fixed minion resource exhaustion when many functions are being executed
in parallel (boo#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older versions
of systemd (boo#985112)
- Provide custom SUSE salt-master.service file.
- Fix wrong version reported by Salt (boo#1061407)
- list_pkgs: add parameter for returned attribute selection (boo#1052264)
- Adding the leftover for zypper and yum list_pkgs functionality.
- Use $HOME to get the user home directory instead of using the '~'
character (boo#1042749)
- fix ownership for whole master cache directory (boo#1035914)
- fix setting the language on SUSE systems (boo#1038855)
- wrong os_family grains on SUSE - fix unittests (boo#1038855)
- speed-up cherrypy by removing sleep call
- Disable 3rd party runtime packages to be explicitly recommended.
(boo#1040886)
- fix format error (boo#1043111)
- Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to
restart salt-minion in case of crashes during upgrade.
- Add procps as dependency.
- Bugfix: jobs scheduled to run at a future time stay pending for Salt
minions (boo#1036125)
- Wrong os_family grains on SUSE - fix unittests. (boo#1038855)
- Fix setting the language on SUSE systems. (boo#1038855)
- Bugfix: unable to use hostname for minion ID as '127'. (upstream)
- Bugfix: remove sleep call in CherryPy API handler. (upstream)
- Fix core grains constants for timezone. (boo#1032931)
- Prevents zero length error on Python 2.6.
- Fixes zypper test error after backporting.
- Refactoring on Zypper and Yum execution and state modules to allow
installation of patches/errata.
- Allow setting 'timeout' and 'gather_job_timeout' via kwargs.
- Add missing bootstrap script for Salt Cloud. (boo#1032452)
- raet protocol is no longer supported. (boo#1020831)
- Fix: add missing /var/cache/salt/cloud directory. (boo#1032213)
- Cleanup salt user environment preparation. (boo#1027722)
- Fix: race condition on cache directory creation.
- Fix: /var/log/salt/minion fails logrotate. (boo#1030009)
- Fix: Result of master_tops extension is mutually overwritten.
(boo#1030073)
- Allow setting custom timeouts for 'manage.up' and 'manage.status'.
- Keep fix for migrating salt home directory. (boo#1022562)
- Fix salt-minion update on RHEL. (boo#1022841)
- Prevents 'OSError' exception in case certain job cache path doesn't
exist. (boo#1023535)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1183=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.2 (x86_64):

salt-2017.7.2-5.3.1
salt-api-2017.7.2-5.3.1
salt-cloud-2017.7.2-5.3.1
salt-doc-2017.7.2-5.3.1
salt-master-2017.7.2-5.3.1
salt-minion-2017.7.2-5.3.1
salt-proxy-2017.7.2-5.3.1
salt-ssh-2017.7.2-5.3.1
salt-syndic-2017.7.2-5.3.1

- openSUSE Leap 42.2 (noarch):

salt-bash-completion-2017.7.2-5.3.1
salt-fish-completion-2017.7.2-5.3.1
salt-zsh-completion-2017.7.2-5.3.1


References:

https://www.suse.com/security/cve/CVE-2017-12791.html
https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://bugzilla.suse.com/1020831
https://bugzilla.suse.com/1022562
https://bugzilla.suse.com/1022841
https://bugzilla.suse.com/1023535
https://bugzilla.suse.com/1027722
https://bugzilla.suse.com/1030009
https://bugzilla.suse.com/1030073
https://bugzilla.suse.com/1032213
https://bugzilla.suse.com/1032452
https://bugzilla.suse.com/1032931
https://bugzilla.suse.com/1035914
https://bugzilla.suse.com/1036125
https://bugzilla.suse.com/1038855
https://bugzilla.suse.com/1040886
https://bugzilla.suse.com/1042749
https://bugzilla.suse.com/1043111
https://bugzilla.suse.com/1052264
https://bugzilla.suse.com/1053955
https://bugzilla.suse.com/1059758
https://bugzilla.suse.com/1061407
https://bugzilla.suse.com/1062462
https://bugzilla.suse.com/1062464
https://bugzilla.suse.com/985112

