openSUSE-SU-2017:2822-1: moderate: Security update for salt
openSUSE Security Update: Security update for salt

Announcement ID: openSUSE-SU-2017:2822-1
Rating: moderate
References: #1020831 #1022562 #1022841 #1023535 #1027722
#1030009 #1030073 #1032213 #1032452 #1032931
#1035914 #1036125 #1038855 #1040886 #1042749
#1043111 #1052264 #1053955 #1059758 #1061407
#1062462 #1062464 #985112
Cross-References: CVE-2017-12791 CVE-2017-14695 CVE-2017-14696

Affected Products:
openSUSE Leap 42.2

An update that solves three vulnerabilities and has 20
fixes is now available.


Salt was updated to 2017.7.2 and also to fix various bugs and security

See the following resources for the full changelog:

Security issues fixed:

- CVE-2017-14695: A directory traversal during minion id validation was
fixed. (boo#1062462)
- CVE-2017-14696: A remote denial of service attack with a specially
crafted authentication request was fixed. (boo#1062464)
- CVE-2017-12791: A crafted minion ID could lead to directory traversal on the
Salt-master (boo#1053955)
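
As an added illustration (not part of the advisory and not Salt's own code), the following Python example shows the kind of check the two traversal fixes above concern: a minion ID that becomes a file name on the master must resolve to a direct child of the key directory. The function names, the key directory path and the sample IDs are assumptions constructed for this example.

```python
import os

# Characters that must never appear in an ID that is used as a file name.
FORBIDDEN = ("/", "\\", "\0")


def is_safe_minion_id(minion_id, key_dir):
    """Return True only if minion_id maps to a file directly inside key_dir."""
    # Empty IDs and the special directory names are never valid file names.
    if not minion_id or minion_id in (".", ".."):
        return False
    # Reject path separators and NUL before touching the file system.
    if any(ch in minion_id for ch in FORBIDDEN):
        return False
    base = os.path.realpath(key_dir)
    target = os.path.realpath(os.path.join(base, minion_id))
    # Containment check: the resolved path must be a direct child of key_dir.
    # This also rejects an existing entry that is a symlink pointing elsewhere.
    return os.path.dirname(target) == base


def audit_ids(minion_ids, key_dir):
    """Split IDs into (accepted, rejected) lists for review."""
    accepted, rejected = [], []
    for mid in minion_ids:
        if is_safe_minion_id(mid, key_dir):
            accepted.append(mid)
        else:
            rejected.append(mid)
    return accepted, rejected


# Constructed sample IDs, not taken from the advisory.
SAMPLE_IDS = ["web01.example.com", "../outside", "a/b", "..", "db\\01", ""]
# Assumed location of accepted minion keys on the master.
KEY_DIR = "/etc/salt/pki/master/minions"

if __name__ == "__main__":
    ok, bad = audit_ids(SAMPLE_IDS, KEY_DIR)
    print("accepted:", ok)
    print("rejected:", bad)
```

Running the same audit over the file names already present in the master's key directories is a quick way to spot IDs that were registered before the update was installed.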

Non security issues fixed:

- Add possibility to generate at the build time for raw
- Fix salt target-type field returns "String" for existing jids but an
empty "Array" for non existing jids. (issue #1711)
- Fixed minion resource exhaustion when many functions are being executed
in parallel (boo#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older versions
of systemd (boo#985112)
- Provide custom SUSE salt-master.service file.
- Fix wrong version reported by Salt (boo#1061407)
- list_pkgs: add parameter for returned attribute selection (boo#1052264)
- Adding the leftover for zypper and yum list_pkgs functionality.
- Use $HOME to get the user home directory instead of using the '~' character
- fix ownership for whole master cache directory (boo#1035914)
- fix setting the language on SUSE systems (boo#1038855)
- wrong os_family grains on SUSE - fix unittests (boo#1038855)
- speed-up cherrypy by removing sleep call
- Disable 3rd party runtime packages to be explicitly recommended.
- fix format error (boo#1043111)
- Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to
restart salt-minion in case of crashes during upgrade.
- Add procps as dependency.
- Bugfix: jobs scheduled to run at a future time stay pending for Salt
minions (boo#1036125)
- Wrong os_family grains on SUSE - fix unittests. (boo#1038855)
- Fix setting the language on SUSE systems. (boo#1038855)
- Bugfix: unable to use hostname for minion ID as '127'. (upstream)
- Bugfix: remove sleep call in CherryPy API handler. (upstream)
- Fix core grains constants for timezone. (boo#1032931)
- Prevents zero length error on Python 2.6.
- Fixes zypper test error after backporting.
- Refactoring on Zypper and Yum execution and state modules to allow
installation of patches/errata.
- Allow setting 'timeout' and 'gather_job_timeout' via kwargs.
- Add missing bootstrap script for Salt Cloud. (boo#1032452)
- raet protocol is no longer supported. (boo#1020831)
- Fix: add missing /var/cache/salt/cloud directory. (boo#1032213)
- Cleanup salt user environment preparation. (boo#1027722)
- Fix: race condition on cache directory creation.
- Fix: /var/log/salt/minion fails logrotate. (boo#1030009)
- Fix: Result of master_tops extension is mutually overwritten.
- Allow setting custom timeouts for 'manage.up' and 'manage.status'.
- Keep fix for migrating salt home directory. (boo#1022562)
- Fix salt-minion update on RHEL. (boo#1022841)
- Prevents 'OSError' exception in case certain job cache path doesn't
exist. (boo#1023535)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1183=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (x86_64):


- openSUSE Leap 42.2 (noarch):


