Security update for SUSE Manager Client Tools
| Announcement ID: | SUSE-SU-202404:15254-1 |
|---|---|
| Rating: | moderate |
An update that solves two vulnerabilities, contains two features and has five security fixes can now be installed.
Description:
This update fixes the following issues:
salt:
- Prevent directory traversal when creating syndic cache directory on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file method (CVE-2024-22232, bsc#1219431)
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth test execution on containers
- Discover Ansible playbook files as ".yml" or ".yaml" files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuild and create test flavor
- Additionally we require python-mock just for older Python versions.
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
scap-security-guide:
- Updated to 0.1.71 (jsc#ECO-3319)
- Add RHEL 9 STIG
- Add support for Debian 12
- Update PCI-DSS profile for RHEL
- Lots of bug fixes and improvements for SLE
spacecmd:
- Version 4.3.27-0
- Update translation strings
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools for Ubuntu 20.04 2004
  zypper in -t patch suse-ubu204ct-client-tools-202404-15254=1
Package List:
- SUSE Manager Client Tools for Ubuntu 20.04 2004 (all)
  - salt-common-3006.0+ds-1+2.122.2
  - salt-minion-3006.0+ds-1+2.122.2
  - scap-security-guide-ubuntu-0.1.71-2.41.2
  - spacecmd-4.3.27-2.81.2
References:
- https://www.suse.com/security/cve/CVE-2024-22231.html
- https://www.suse.com/security/cve/CVE-2024-22232.html
- https://bugzilla.suse.com/show_bug.cgi?id=1211649
- https://bugzilla.suse.com/show_bug.cgi?id=1211888
- https://bugzilla.suse.com/show_bug.cgi?id=1216850
- https://bugzilla.suse.com/show_bug.cgi?id=1218482
- https://bugzilla.suse.com/show_bug.cgi?id=1219001
- https://bugzilla.suse.com/show_bug.cgi?id=1219430
- https://bugzilla.suse.com/show_bug.cgi?id=1219431
- https://jira.suse.com/browse/ECO-3319
- https://jira.suse.com/browse/MSQA-760