Security update for salt
Announcement ID: | SUSE-SU-2022:14932-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves four vulnerabilities can now be installed.
Description:
This update for salt fixes the following issues:
- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Client Tools for Ubuntu 18.04 1804
zypper in -t patch suse-ubu184ct-salt-20220328-14932=1
Package List:
-
SUSE Manager Client Tools for Ubuntu 18.04 1804 (all)
- salt-common-3002.2+ds-1+107.1
- salt-minion-3002.2+ds-1+107.1