Security update for salt
Announcement ID: | SUSE-SU-2018:3815-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities and has three security fixes can now be installed.
Description:
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).
Non-security issues fixed:
- Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
- Fixed async call to process manager (bsc#1110938).
- Fixed OS arch detection when RPM is not installed (bsc#1114197).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2713=1
-
Server Applications Module 15
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2018-2713=1
Package List:
-
Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- salt-minion-2018.3.0-5.20.1
- salt-2018.3.0-5.20.1
- python2-salt-2018.3.0-5.20.1
- python3-salt-2018.3.0-5.20.1
- salt-doc-2018.3.0-5.20.1
-
Basesystem Module 15 (noarch)
- salt-zsh-completion-2018.3.0-5.20.1
- salt-bash-completion-2018.3.0-5.20.1
-
Server Applications Module 15 (aarch64 ppc64le s390x x86_64)
- salt-api-2018.3.0-5.20.1
- salt-syndic-2018.3.0-5.20.1
- salt-ssh-2018.3.0-5.20.1
- salt-master-2018.3.0-5.20.1
- salt-cloud-2018.3.0-5.20.1
- salt-proxy-2018.3.0-5.20.1
-
Server Applications Module 15 (noarch)
- salt-fish-completion-2018.3.0-5.20.1
References:
- https://www.suse.com/security/cve/CVE-2018-15750.html
- https://www.suse.com/security/cve/CVE-2018-15751.html
- https://bugzilla.suse.com/show_bug.cgi?id=1110938
- https://bugzilla.suse.com/show_bug.cgi?id=1113698
- https://bugzilla.suse.com/show_bug.cgi?id=1113699
- https://bugzilla.suse.com/show_bug.cgi?id=1113784
- https://bugzilla.suse.com/show_bug.cgi?id=1114197