Recommended update for salt

Announcement ID:	SUSE-RU-2017:0171-1
Rating:	moderate
References:	bsc#1003449 bsc#1004047 bsc#1004260 bsc#1004723 bsc#1008933 bsc#1012398 bsc#986019 bsc#999852
Cross-References:	CVE-2016-9639
CVSS scores:	CVE-2016-9639 ( NVD ): 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:	SUSE Enterprise Storage 4 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2

An update that solves one vulnerability and has seven fixes can now be installed.

Description:

This update for Salt fixes one security issue and several non-security issues.

The following security issue has been fixed:

• Fix possible information leak due to revoked keys still being used. (bsc#1012398, CVE-2016-9639)

The following non-security issues have been fixed:

• Update to 2015.8.12
• Add pre-require to salt for minions.
• Do not restart salt-minion in salt package.
• Add try-restart to sys-v init scripts.
• Add "Restart=on-failure" for salt-minion systemd service.
• Re-introduce "KillMode=process" for salt-minion systemd service.
• Successfully exit of salt-api child processes when SIGTERM is received.
• Fix exit codes of sysv init script. (bsc#999852)
• Include resolution parameters in the Zypper debug-solver call during a dry-run dist-upgrade.
• Fix Salt API crash via salt-ssh on empty roster. (bsc#1004723)
• Add 'dist-upgrade' support to zypper module. (fate#320559)
• Fix position of -X option to setfacl. (bsc#1004260)
• Fix generated shebang in scripts on SLES-ES 7. (bsc#1004047)
• Fix changing default-timezone. (bsc#1008933)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Enterprise Storage 4
  zypper in -t patch SUSE-Storage-4-2017-77=1

Package List:

• SUSE Enterprise Storage 4 (aarch64 x86_64)
  • salt-2015.8.12-27.5
  • salt-master-2015.8.12-27.5
  • salt-minion-2015.8.12-27.5

References:

• https://www.suse.com/security/cve/CVE-2016-9639.html
• https://bugzilla.suse.com/show_bug.cgi?id=1003449
• https://bugzilla.suse.com/show_bug.cgi?id=1004047
• https://bugzilla.suse.com/show_bug.cgi?id=1004260
• https://bugzilla.suse.com/show_bug.cgi?id=1004723
• https://bugzilla.suse.com/show_bug.cgi?id=1008933
• https://bugzilla.suse.com/show_bug.cgi?id=1012398
• https://bugzilla.suse.com/show_bug.cgi?id=986019
• https://bugzilla.suse.com/show_bug.cgi?id=999852