Security update for SUSE Manager Salt Bundle
Announcement ID: SUSE-SU-2024:4020-1
Release Date: 2024-11-18T13:25:06Z
Rating: important
Affected Products: SUSE Manager Client Tools for SLE 12
An update that solves nine vulnerabilities, contains one feature and has 14 security fixes can now be installed.
Description:
This update fixes the following issues:
venv-salt-minion:
- Security fixes on the Python 3.11 interpreter:
  - CVE-2024-7592: Fixed quadratic complexity when parsing quoted cookie values containing backslashes (bsc#1229873, bsc#1230059)
  - CVE-2024-8088: Prevent a malformed payload from causing infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
  - CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
  - CVE-2024-4032: Corrected the ipaddress module's definition of which IPv4/IPv6 address ranges count as private and as globally reachable (bsc#1226448)
  - CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
- Security fixes on Python dependencies:
  - CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
  - CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
  - CVE-2024-3651: idna: Fixed a potential DoS through resource consumption on specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
  - CVE-2024-37891: urllib3: Added the Proxy-Authorization header to the list of headers stripped from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
- Other bugs fixed:
  - Added the passlib Python module to the bundle
  - Allow NamedLoaderContexts to be returned from the loader
  - Avoid a crash on unexpected output of systemctl version (bsc#1229539)
  - Avoid explicit reading of /etc/salt/minion (bsc#1220357)
  - Enable post_start_cleanup.sh to work in a transaction
  - Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
  - Fixed failing x509 tests with OpenSSL < 1.1
  - Fixed the SELinux context for the Salt Minion service (bsc#1219041)
  - Fixed the zyppnotify plugin after the latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)
  - Improved error handling with different OpenSSL versions
  - Increased the warn_until_date for code that is still supported
  - Avoid using SyncWrapper when there is no reason to
  - Reverted the change making the reactor less blocking (bsc#1230322)
  - Use --cachedir for extension_modules in salt-call (bsc#1226141)
  - Use the Pygit2 id attribute instead of the deprecated oid in gitfs
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools for SLE 12:
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-4020=1
Package List:
- SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  - venv-salt-minion-3006.0-3.65.1
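The fixed build is venv-salt-minion-3006.0-3.65.1. The following POSIX shell script is an added example, not part of the SUSE advisory or of the Salt project, for checking a client against that version: it reads VERSION-RELEASE from the local RPM database with `rpm -q --qf` and compares it against the fixed build. The version comparison uses `sort -V` as an approximation of rpm's ordering, which is exact for this package's purely numeric version and release fields; the function names and the `--check` flag are this example's own.

```sh
#!/bin/sh
# Added example, not from the SUSE advisory: decide whether the installed
# venv-salt-minion is at or above the build that carries SUSE-SU-2024:4020-1.

FIXED_VERSION="3006.0-3.65.1"   # VERSION-RELEASE taken from the advisory's package list

# venv_salt_is_fixed VERSION-RELEASE
# Succeeds (exit 0) when the given version sorts at or after FIXED_VERSION.
# `sort -V` stands in for rpm's version comparison; it orders numeric
# fields numerically (3.9.1 < 3.65.1 < 3.100.1), which is all this package's
# version/release scheme needs. For arbitrary packages prefer rpmdev-vercmp.
venv_salt_is_fixed() {
    installed="$1"
    [ -n "$installed" ] || return 1
    newest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$installed" | sort -V | tail -n 1)
    [ "$newest" = "$installed" ]
}

# venv_salt_status
# Prints exactly one word: fixed, vulnerable, or absent (no rpm, or the
# package is not installed). Reads VERSION-RELEASE from the RPM database.
venv_salt_status() {
    command -v rpm >/dev/null 2>&1 || { echo absent; return 0; }
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' venv-salt-minion 2>/dev/null) \
        || { echo absent; return 0; }
    if venv_salt_is_fixed "$installed"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Stand-alone use (hypothetical flag for this example): `sh check.sh --check`
# prints the verdict and exits non-zero unless the host is fixed, so the exit
# codes can be collected when the script is pushed across a fleet.
if [ "${1:-}" = "--check" ]; then
    status=$(venv_salt_status)
    echo "venv-salt-minion: $status"
    [ "$status" = fixed ]
fi
```

The same comparison can be driven from the Master: collect the installed versions with `salt '*' pkg.version venv-salt-minion` and feed each value to `venv_salt_is_fixed`. Note that `absent` is not a clean bill of health; a client without venv-salt-minion may be running the classic salt-minion package, which this advisory does not cover.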
References:
- https://www.suse.com/security/cve/CVE-2024-0397.html
- https://www.suse.com/security/cve/CVE-2024-3651.html
- https://www.suse.com/security/cve/CVE-2024-37891.html
- https://www.suse.com/security/cve/CVE-2024-4032.html
- https://www.suse.com/security/cve/CVE-2024-5569.html
- https://www.suse.com/security/cve/CVE-2024-6345.html
- https://www.suse.com/security/cve/CVE-2024-6923.html
- https://www.suse.com/security/cve/CVE-2024-7592.html
- https://www.suse.com/security/cve/CVE-2024-8088.html
- https://bugzilla.suse.com/show_bug.cgi?id=1219041
- https://bugzilla.suse.com/show_bug.cgi?id=1220357
- https://bugzilla.suse.com/show_bug.cgi?id=1222842
- https://bugzilla.suse.com/show_bug.cgi?id=1226141
- https://bugzilla.suse.com/show_bug.cgi?id=1226447
- https://bugzilla.suse.com/show_bug.cgi?id=1226448
- https://bugzilla.suse.com/show_bug.cgi?id=1226469
- https://bugzilla.suse.com/show_bug.cgi?id=1227547
- https://bugzilla.suse.com/show_bug.cgi?id=1228105
- https://bugzilla.suse.com/show_bug.cgi?id=1228780
- https://bugzilla.suse.com/show_bug.cgi?id=1229109
- https://bugzilla.suse.com/show_bug.cgi?id=1229539
- https://bugzilla.suse.com/show_bug.cgi?id=1229654
- https://bugzilla.suse.com/show_bug.cgi?id=1229704
- https://bugzilla.suse.com/show_bug.cgi?id=1229873
- https://bugzilla.suse.com/show_bug.cgi?id=1229994
- https://bugzilla.suse.com/show_bug.cgi?id=1229995
- https://bugzilla.suse.com/show_bug.cgi?id=1229996
- https://bugzilla.suse.com/show_bug.cgi?id=1230058
- https://bugzilla.suse.com/show_bug.cgi?id=1230059
- https://bugzilla.suse.com/show_bug.cgi?id=1230322
- https://bugzilla.suse.com/show_bug.cgi?id=1231045
- https://bugzilla.suse.com/show_bug.cgi?id=1231697
- https://jira.suse.com/browse/MSQA-863