Mailinglist Archive: opensuse-updates (82 mails)

openSUSE-SU-2018:1053-1: moderate: Security update for salt
openSUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:1053-1
Rating: moderate
References: #1002529 #1004723 #1008933 #1011304 #1011800
#1012398 #1012999 #1017078 #1019386 #1022841
#1025896 #1027044 #1027240 #1027722 #1030009
#1036125 #1038855 #1039370 #1041993 #1050003
#1051948 #1052264 #1053376 #1053955 #1059291
#1060230 #1062462 #1063419 #1064520 #1065792
#1068446 #1068566 #1071322 #1075950 #1079048
#1081592 #967803 #972311 #972490 #975093
#975303 #975733 #975757 #978150 #983512 #985661
#986019 #988506 #989193 #989798 #990439 #991048
#993039 #999852
Cross-References: CVE-2016-9639 CVE-2017-12791 CVE-2017-14695
CVE-2017-14696 CVE-2017-5200
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 5 vulnerabilities and has 49 fixes is
now available.

Description:

This update for salt fixes the following issues:

- [Regression] Permission problem: salt-ssh minion bootstrap doesn't work
anymore. (bsc#1027722)
- wrong use of os_family string for Suse in the locale module and others
(bsc#1038855)
- Cannot bootstrap a host using "Manage system completely via SSH (will
not install an agent)" (bsc#1002529)
- add user to or replace members of group not working with SLES11 SPx
(bsc#978150)
- SLES-12-GA client fails to start salt minion (SUSE MANAGER 3.0)
(bsc#991048)
- salt pkg.latest raises exception if package is not available
(bsc#1012999)
- pkg.list_products on "registerrelease" and "productline" returns
boolean.False if empty (bsc#989193)
- SLES-12-SP1 salt-minion clients have no Base Channel added by default
(bsc#986019)
- "The system requires a reboot" does not disappear from web-UI despite
the reboot (bsc#1017078)
- Remove option -f from startproc (bsc#975733)
- [PYTHON2] package salt-minion requires /usr/bin/python (bsc#1081592)
- Upgrading packages on RHEL6/7 client fails (bsc#1068566)
- /var/log/salt has insecure permissions (bsc#1071322)
- [Minion-bootstrapping] Invalid char cause server (salt-master ERROR)
(bsc#1011304)
- CVE-2016-9639: Possible information leak due to revoked keys still being
used (bsc#1012398)
- Bootstrapping SLES12 minion invalid (bsc#1053376)
- Minions not correctly onboarded if Proxy has multiple FQDNs (bsc#1063419)
- salt --summary '*' <function> reporting "# of minions that did not
return" wrongly (bsc#972311)
- RH-L3 SALT - Stacktrace if nscd package is not present when using nscd
state (bsc#1027044)
- Inspector broken: no module "query" or "inspector" while querying or
inspecting (bsc#989798)
- [Regression] Centos7 Minion remote command execution from gui or cli,
minion not responding (bsc#1027240)
- SALT, minion_id generation doesn't match the newhostname (bsc#967803)
- Salt API server shuts down when SSH call with no matches is issued
(bsc#1004723)
- /var/log/salt/minion fails logrotate (bsc#1030009)
- Salt proxy test.ping crashes (bsc#975303)
- salt master floods log with useless messages (bsc#985661)
- After bootstrap salt client has deprecation warnings (bsc#1041993)
- Head: salt 2017.7.2 starts salt-master as user root (bsc#1064520)
- CVE-2017-12791: Maliciously crafted minion IDs can cause unwanted
directory traversals on the Salt-master (bsc#1053955)
- salt-2017.7.2 - broken %post script for salt-master (bsc#1079048)
- Tearing down deployment with SaltStack Kubernetes module always shows
error (bsc#1059291)
- lvm.vg_present does not recognize PV with certain LVM filter settings.
(bsc#988506)
- High state fails: No service execution module loaded: check support for
service (bsc#1065792)
- When multiple versions of a package are installed on a minion, patch
status may vary (bsc#972490)
- Salt cp.push does not work on SUMA 3.2 Builds because of python3.4
(bsc#1075950)
- timezone module does not update /etc/sysconfig/clock (bsc#1008933)
- Add patches to salt to support SUSE Manager scalability features
(bsc#1052264)
- salt-minion failed to start on minimal RHEL6 because of DBus exception
during load of snapper module (bsc#993039)
- Permission denied: '/var/run/salt-master.pid' (bsc#1050003)
- Jobs scheduled to run at a future time stay pending for Salt minions
(bsc#1036125)
- Backport kubernetes-modules to salt (bsc#1051948)
- After highstate: The minion function caused an exception (bsc#1068446)
- VUL-0: CVE-2017-14695: salt: directory traversal vulnerability in minion
id validation (bsc#1062462)
- unable to update salt-minion on RHEL (bsc#1022841)
- Nodes run out of memory due to salt-minion process (bsc#983512)
- [Proxy] "Broken pipe" during bootstrap of salt minion (bsc#1039370)
- incorrect return code from /etc/rc.d/salt-minion (bsc#999852)
- CVE-2017-5200: Salt-ssh via api allows running arbitrary commands as user
salt (bsc#1011800)
- beacons.conf on salt-minion not processed (bsc#1060230)
- SLES11 SP3 salt-minion Client Cannot Select Base Channel (bsc#975093)
- salt-ssh sys.doc gives authentication failure without arguments
(bsc#1019386)
- minion bootstrapping: error when bootstrap SLE11 clients (bsc#990439)
- Certificate Deployment Fails for SLES11 SP3 Clients (bsc#975757)
- state.module run() does not translate varargs (bsc#1025896)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-388=1



Package List:

- openSUSE Leap 42.3 (x86_64):

python2-salt-2018.3.0-17.1
python3-salt-2018.3.0-17.1
salt-2018.3.0-17.1
salt-api-2018.3.0-17.1
salt-cloud-2018.3.0-17.1
salt-doc-2018.3.0-17.1
salt-master-2018.3.0-17.1
salt-minion-2018.3.0-17.1
salt-proxy-2018.3.0-17.1
salt-ssh-2018.3.0-17.1
salt-syndic-2018.3.0-17.1

- openSUSE Leap 42.3 (noarch):

salt-bash-completion-2018.3.0-17.1
salt-fish-completion-2018.3.0-17.1
salt-zsh-completion-2018.3.0-17.1
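
A post-patch check for the package list above, added here as an example and not part of the advisory: it reads "name version-release" lines and reports salt packages still older than 2018.3.0-17.1. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of rpm's version ordering.

```shell
#!/usr/bin/env bash
# Added example: flag salt packages older than the fixed build in this advisory.
# Expected input, one package per line, e.g. produced on the host with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
FIXED="2018.3.0-17.1"   # version-release taken from the Package List

# Succeeds when version $1 >= version $2 (approximation via GNU sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Reads "name version-release" lines on stdin and prints every salt
# package that is still below $FIXED. Returns 0 if none are outdated,
# 1 otherwise, so it can gate a compliance job.
outdated_salt() {
    local name ver rc=0
    while read -r name ver; do
        case "$name" in
            salt|salt-*|python2-salt|python3-salt) ;;   # packages in this update
            *) continue ;;                              # unrelated package
        esac
        if ! ver_ge "$ver" "$FIXED"; then
            printf '%s %s\n' "$name" "$ver"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not output from a real host).
SAMPLE='salt 2018.3.0-17.1
salt-minion 2017.7.2-3.1
python2-salt 2018.3.0-17.1
salt-master 2016.11.4-45.2
zypper 1.13.40-18.1'

if printf '%s\n' "$SAMPLE" | outdated_salt; then
    echo "all salt packages are at or above $FIXED"
else
    echo "the packages listed above still need openSUSE-2018-388"
fi
```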


References:

https://www.suse.com/security/cve/CVE-2016-9639.html
https://www.suse.com/security/cve/CVE-2017-12791.html
https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://www.suse.com/security/cve/CVE-2017-5200.html
https://bugzilla.suse.com/1002529
https://bugzilla.suse.com/1004723
https://bugzilla.suse.com/1008933
https://bugzilla.suse.com/1011304
https://bugzilla.suse.com/1011800
https://bugzilla.suse.com/1012398
https://bugzilla.suse.com/1012999
https://bugzilla.suse.com/1017078
https://bugzilla.suse.com/1019386
https://bugzilla.suse.com/1022841
https://bugzilla.suse.com/1025896
https://bugzilla.suse.com/1027044
https://bugzilla.suse.com/1027240
https://bugzilla.suse.com/1027722
https://bugzilla.suse.com/1030009
https://bugzilla.suse.com/1036125
https://bugzilla.suse.com/1038855
https://bugzilla.suse.com/1039370
https://bugzilla.suse.com/1041993
https://bugzilla.suse.com/1050003
https://bugzilla.suse.com/1051948
https://bugzilla.suse.com/1052264
https://bugzilla.suse.com/1053376
https://bugzilla.suse.com/1053955
https://bugzilla.suse.com/1059291
https://bugzilla.suse.com/1060230
https://bugzilla.suse.com/1062462
https://bugzilla.suse.com/1063419
https://bugzilla.suse.com/1064520
https://bugzilla.suse.com/1065792
https://bugzilla.suse.com/1068446
https://bugzilla.suse.com/1068566
https://bugzilla.suse.com/1071322
https://bugzilla.suse.com/1075950
https://bugzilla.suse.com/1079048
https://bugzilla.suse.com/1081592
https://bugzilla.suse.com/967803
https://bugzilla.suse.com/972311
https://bugzilla.suse.com/972490
https://bugzilla.suse.com/975093
https://bugzilla.suse.com/975303
https://bugzilla.suse.com/975733
https://bugzilla.suse.com/975757
https://bugzilla.suse.com/978150
https://bugzilla.suse.com/983512
https://bugzilla.suse.com/985661
https://bugzilla.suse.com/986019
https://bugzilla.suse.com/988506
https://bugzilla.suse.com/989193
https://bugzilla.suse.com/989798
https://bugzilla.suse.com/990439
https://bugzilla.suse.com/991048
https://bugzilla.suse.com/993039
https://bugzilla.suse.com/999852

