Security update for SUSE Manager Salt Bundle
Announcement ID: | SUSE-SU-2024:1518-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.
Description:
This update fixes the following issues:
venv-salt-minion:
-
Security issues fixed:
-
CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)
-
CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)
-
Bugs fixed:
-
Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as ".yml" or ".yaml" files (bsc#1211888)
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-1518=1
-
SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2024-1518=1
-
SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1518=1
-
SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-1518=1
Package List:
-
SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
- venv-salt-minion-3006.0-150000.3.54.3
-
SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
- venv-salt-minion-3006.0-150000.3.54.3
-
SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
- venv-salt-minion-3006.0-150000.3.54.3
-
SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
- venv-salt-minion-3006.0-150000.3.54.3
References:
- https://www.suse.com/security/cve/CVE-2024-22231.html
- https://www.suse.com/security/cve/CVE-2024-22232.html
- https://bugzilla.suse.com/show_bug.cgi?id=1211649
- https://bugzilla.suse.com/show_bug.cgi?id=1211888
- https://bugzilla.suse.com/show_bug.cgi?id=1216850
- https://bugzilla.suse.com/show_bug.cgi?id=1218482
- https://bugzilla.suse.com/show_bug.cgi?id=1219001
- https://bugzilla.suse.com/show_bug.cgi?id=1219430
- https://bugzilla.suse.com/show_bug.cgi?id=1219431
- https://jira.suse.com/browse/MSQA-760