English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 148472 CVE descriptions
and 72306 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.852198
Category:SuSE Local Security Checks
Title:SuSE Update for salt openSUSE-SU-2018:4197-1 (salt)
Summary:The remote host is missing an update for the 'salt'; package(s) announced via the openSUSE-SU-2018:4197_1 advisory.;; This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.814578
Description:Summary:
The remote host is missing an update for the 'salt'
package(s) announced via the openSUSE-SU-2018:4197_1 advisory.

This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.814578

Vulnerability Insight:
This update for salt fixes the following issues:

- Crontab module fix: file attributes option missing (boo#1114824)

- Fix git_pillar merging across multiple __env__ repositories (boo#1112874)

- Bugfix: unable to detect os arch when RPM is not installed (boo#1114197)

- Fix LDAP authentication issue when a valid token is generated by the
salt-api even when invalid user credentials are passed. (U#48901)

- Improved handling of LDAP group id. gid is no longer treated as a
string, which could have lead to faulty group creations. (boo#1113784)

- Fix remote command execution and incorrect access control when using
salt-api. (boo#1113699) (CVE-2018-15751)

- Fix Directory traversal vulnerability when using salt-api. Allows an
attacker to determine what files exist on a server when querying /run or
/events. (boo#1113698) (CVE-2018-15750)

- Add multi-file support and globbing to the filetree (U#50018)

- Bugfix: supportconfig non-root permission issues (U#50095)

- Open profiles permissions to everyone for read-only

- Preserving signature in 'module.run' state (U#50049)

- Install default salt-support profiles

- Remove unit test, came from a wrong branch. Fix merging failure.

- Add CPE_NAME for osversion* grain parsing

- Get os_family for RPM distros from the RPM macros

- Install support profiles

- Fix async call to process manager (boo#1110938)

- Salt-based supportconfig implementation (technology preview)

- Bugfix: any unicode string of length 16 will raise TypeError

- Fix IPv6 scope (boo#1108557)

- Handle zypper ZYPPER_EXIT_NO_REPOS exit code (boo#1108834, boo#1109893)

- Bugfix for pkg_resources crash (boo#1104491)

- Fix loosen azure sdk dependencies in azurearm cloud driver (boo#1107333)

- Fix broken 'resolve_capabilities' on Python 3 (boo#1108995)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1574=1

Affected Software/OS:
salt on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-15750
Common Vulnerability Exposure (CVE) ID: CVE-2018-15751
CopyrightCopyright (C) 2018 Greenbone Networks GmbH

This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.