Security Beta update for Salt

SUSE Security Update: Security Beta update for Salt
Announcement ID: SUSE-SU-2020:0763-1
Rating: important
References: #1157465 #1162327 #1162504 #1163981 #1165425
Cross-References:CVE-2019-18897
Affected Products:
  • SUSE Manager Tools 15-BETA

An update that solves one vulnerability and has four fixes is now available.

Description:


This update fixes the following issues:
salt:

  • Requiring python3-distro only for openSUSE/SLE >= 15
  • Use full option name instead of undocumented abbreviation for zypper
  • Python-distro is only needed for > Python 3.7. Removing it for Python 2
  • Fixed a local privilege escalation to root (bsc#1157465) (CVE-2019-18897)
  • Fix unit tests failures in test_batch_async tests
  • Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)
  • RHEL/CentOS 8 uses platform-python instead of python3
  • Enable build for Python 3.8
  • Update to Salt version 2019.2.3 (bsc#1163981) (bsc#1162504)
  • Replacing pycrypto with M2Crypto (bsc#1165425)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Manager Tools 15-BETA:
    zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-763=1

Package List:

  • SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64):
    • python2-salt-2019.2.3-8.12.1
    • python3-salt-2019.2.3-8.12.1
    • salt-2019.2.3-8.12.1
    • salt-api-2019.2.3-8.12.1
    • salt-cloud-2019.2.3-8.12.1
    • salt-doc-2019.2.3-8.12.1
    • salt-master-2019.2.3-8.12.1
    • salt-minion-2019.2.3-8.12.1
    • salt-proxy-2019.2.3-8.12.1
    • salt-ssh-2019.2.3-8.12.1
    • salt-standalone-formulas-configuration-2019.2.3-8.12.1
    • salt-syndic-2019.2.3-8.12.1
  • SUSE Manager Tools 15-BETA (noarch):
    • salt-bash-completion-2019.2.3-8.12.1
    • salt-fish-completion-2019.2.3-8.12.1
    • salt-zsh-completion-2019.2.3-8.12.1

References: