Security update for SUSE Manager Salt Bundle
Announcement ID: | SUSE-SU-2023:3128-1 |
---|---|
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability, contains one feature and has five security fixes can now be installed.
Description:
This update fixes the following issues:
venv-salt-minion:
- Security fixes:
- CVE-2023-28370: Tornado: Fix an open redirect in StaticFileHandler (bsc#1211741)
- Bug fixes:
- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Client Tools for SLE 12
zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-3128=1
Package List:
-
SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
- venv-salt-minion-3006.0-3.33.2
References:
- https://www.suse.com/security/cve/CVE-2023-28370.html
- https://bugzilla.suse.com/show_bug.cgi?id=1210994
- https://bugzilla.suse.com/show_bug.cgi?id=1211591
- https://bugzilla.suse.com/show_bug.cgi?id=1211741
- https://bugzilla.suse.com/show_bug.cgi?id=1211754
- https://bugzilla.suse.com/show_bug.cgi?id=1212516
- https://bugzilla.suse.com/show_bug.cgi?id=1212517
- https://jira.suse.com/browse/MSQA-679