|Category:||SuSE Local Security Checks|
|Title:||SuSE Update for salt openSUSE-SU-2018:4197-1 (salt)|
|Summary:||The remote host is missing an update for the 'salt'; package(s) announced via the openSUSE-SU-2018:4197_1 advisory.;; This NVT has been replaced by OID:188.8.131.52.4.1.256184.108.40.2064578|
The remote host is missing an update for the 'salt'
package(s) announced via the openSUSE-SU-2018:4197_1 advisory.
This NVT has been replaced by OID:220.127.116.11.4.1.25618.104.22.1684578
This update for salt fixes the following issues:
- Crontab module fix: file attributes option missing (boo#1114824)
- Fix git_pillar merging across multiple __env__ repositories (boo#1112874)
- Bugfix: unable to detect os arch when RPM is not installed (boo#1114197)
- Fix LDAP authentication issue when a valid token is generated by the
salt-api even when invalid user credentials are passed. (U#48901)
- Improved handling of LDAP group id. gid is no longer treated as a
string, which could have lead to faulty group creations. (boo#1113784)
- Fix remote command execution and incorrect access control when using
salt-api. (boo#1113699) (CVE-2018-15751)
- Fix Directory traversal vulnerability when using salt-api. Allows an
attacker to determine what files exist on a server when querying /run or
/events. (boo#1113698) (CVE-2018-15750)
- Add multi-file support and globbing to the filetree (U#50018)
- Bugfix: supportconfig non-root permission issues (U#50095)
- Open profiles permissions to everyone for read-only
- Preserving signature in 'module.run' state (U#50049)
- Install default salt-support profiles
- Remove unit test, came from a wrong branch. Fix merging failure.
- Add CPE_NAME for osversion* grain parsing
- Get os_family for RPM distros from the RPM macros
- Install support profiles
- Fix async call to process manager (boo#1110938)
- Salt-based supportconfig implementation (technology preview)
- Bugfix: any unicode string of length 16 will raise TypeError
- Fix IPv6 scope (boo#1108557)
- Handle zypper ZYPPER_EXIT_NO_REPOS exit code (boo#1108834, boo#1109893)
- Bugfix for pkg_resources crash (boo#1104491)
- Fix loosen azure sdk dependencies in azurearm cloud driver (boo#1107333)
- Fix broken 'resolve_capabilities' on Python 3 (boo#1108995)
To install this openSUSE Security Update use the SUSE recommended
like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-1574=1
salt on openSUSE Leap 42.3.
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-15750|
Common Vulnerability Exposure (CVE) ID: CVE-2018-15751
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 72306 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.