Security update for SUSE Manager Salt Bundle
Announcement ID: | SUSE-SU-2024:1525-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities, contains one feature and has five security fixes can now be installed.
Description:
This update fixes the following issues:
venv-salt-minion:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as ".yml" or ".yaml" files (bsc#1211888)
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Client Tools for RHEL, Liberty and Clones 9
zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2024-1525=1
Package List:
-
SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64)
- venv-salt-minion-3006.0-1.36.3
References:
- https://www.suse.com/security/cve/CVE-2024-22231.html
- https://www.suse.com/security/cve/CVE-2024-22232.html
- https://bugzilla.suse.com/show_bug.cgi?id=1211649
- https://bugzilla.suse.com/show_bug.cgi?id=1211888
- https://bugzilla.suse.com/show_bug.cgi?id=1216850
- https://bugzilla.suse.com/show_bug.cgi?id=1218482
- https://bugzilla.suse.com/show_bug.cgi?id=1219001
- https://bugzilla.suse.com/show_bug.cgi?id=1219430
- https://bugzilla.suse.com/show_bug.cgi?id=1219431
- https://jira.suse.com/browse/MSQA-760