Recommended update for Salt

Announcement ID:	SUSE-RU-2020:0685-1
Rating:	moderate
References:	bsc#1135656 bsc#1153611 bsc#1157465 bsc#1158940 bsc#1159118 bsc#1160931 bsc#1162327 bsc#1162504 bsc#1165425
Cross-References:	CVE-2019-17361 CVE-2019-18897
CVSS scores:	CVE-2019-17361 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-17361 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18897 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-18897 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Advanced Systems Management Module 12 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Manager Client Tools for SLE 12 SUSE Manager Proxy 3.2 SUSE Manager Server 3.2

An update that solves two vulnerabilities and has seven fixes can now be installed.

Description:

This update fixes the following issues:

salt:

RHEL/CentOS 8 uses platform-python instead of python3
New configuration option for selection of grains in the minion start event.
Fix 'os_family' grain for Astra Linux Common Edition
Fix for salt-api NET API where unauthenticated attacker could run arbitrary code (CVE-2019-17361) (bsc#1162504)
Adds disabled parameter to mod_repo in aptpkg module
Move token with atomic operation
Bad API token files get deleted (bsc#1160931)
Support for Btrfs and XFS in parted and mkfs added
Adds list_downloaded for apt Module to enable pre-downloading support
Adds virt.(pool|network)_get_xml functions
Virt: adding kernel boot parameters to libvirt xml
Fix to scheduler when data['run'] does not exist (bsc#1159118)
Fix virt states to not fail on VMs already stopped
Fix applying of attributes for returner rawfile_json (bsc#1158940)
Xfs: do not fail if type is not present (bsc#1153611)
Don't use __python indirection macros on spec file %__python is no longer defined in RPM 4.15 (python2 is going EOL in Jan 2020); additionally, python/python3 are just binaries in the path.
Fix errors when running virt.get_hypervisor function
Align virt.full_info fixes with upstream Salt
Fix for log checking in x509 test
Prevent test_mod_del_repo_multiline_values to fail
Read repo info without using interpolation (bsc#1135656)
Replacing pycrypto with M2Crypto as dependency for >= SLE15 (bsc#1165425)
Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)
Avoid possible user escalation upgrading salt-master (bsc#1157465) (CVE-2019-18897)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Manager Client Tools for SLE 12
zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-685=1
Advanced Systems Management Module 12
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-685=1
SUSE Linux Enterprise Point of Service Image Server 12 12-SP2
zypper in -t patch SUSE-SLE-POS-12-SP2-2020-685=1
SUSE Manager Proxy 3.2
zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-685=1
SUSE Manager Server 3.2
zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-685=1

Package List:

SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
- salt-minion-2019.2.0-46.88.1
- python2-salt-2019.2.0-46.88.1
- salt-doc-2019.2.0-46.88.1
- salt-2019.2.0-46.88.1
- python3-salt-2019.2.0-46.88.1
Advanced Systems Management Module 12 (ppc64le s390x x86_64)
- salt-minion-2019.2.0-46.88.1
- salt-master-2019.2.0-46.88.1
- python2-salt-2019.2.0-46.88.1
- salt-syndic-2019.2.0-46.88.1
- salt-doc-2019.2.0-46.88.1
- salt-proxy-2019.2.0-46.88.1
- salt-ssh-2019.2.0-46.88.1
- salt-cloud-2019.2.0-46.88.1
- salt-2019.2.0-46.88.1
- salt-standalone-formulas-configuration-2019.2.0-46.88.1
- salt-api-2019.2.0-46.88.1
Advanced Systems Management Module 12 (noarch)
- salt-zsh-completion-2019.2.0-46.88.1
- salt-bash-completion-2019.2.0-46.88.1
SUSE Linux Enterprise Point of Service Image Server 12 12-SP2 (x86_64)
- salt-2019.2.0-46.88.1
- salt-minion-2019.2.0-46.88.1
- python2-salt-2019.2.0-46.88.1
SUSE Manager Proxy 3.2 (x86_64)
- salt-2019.2.0-46.88.1
- salt-minion-2019.2.0-46.88.1
- python3-salt-2019.2.0-46.88.1
- python2-salt-2019.2.0-46.88.1
SUSE Manager Server 3.2 (ppc64le s390x x86_64)
- salt-minion-2019.2.0-46.88.1
- salt-master-2019.2.0-46.88.1
- python2-salt-2019.2.0-46.88.1
- salt-syndic-2019.2.0-46.88.1
- salt-doc-2019.2.0-46.88.1
- salt-proxy-2019.2.0-46.88.1
- salt-standalone-formulas-configuration-2019.2.0-46.88.1
- salt-ssh-2019.2.0-46.88.1
- salt-cloud-2019.2.0-46.88.1
- salt-2019.2.0-46.88.1
- python3-salt-2019.2.0-46.88.1
- salt-api-2019.2.0-46.88.1
SUSE Manager Server 3.2 (noarch)
- salt-zsh-completion-2019.2.0-46.88.1
- salt-bash-completion-2019.2.0-46.88.1

Recommended update for Salt

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: