Описание
Security update for salt
This update for salt fixes the following issues:
Salt was updated to version 2016.11.10 and contains the following fixes:
Security issues fixed:
- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).
Список пакетов
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
salt-2016.11.10-43.38.1
salt-doc-2016.11.10-43.38.1
salt-minion-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
salt-2016.11.10-43.38.1
salt-doc-2016.11.10-43.38.1
salt-minion-2016.11.10-43.38.1
Ссылки
- Link for SUSE-SU-2018:3813-1
- E-Mail link for SUSE-SU-2018:3813-1
- SUSE Security Ratings
- SUSE Bug 1113698
- SUSE Bug 1113699
- SUSE CVE CVE-2018-15750 page
- SUSE CVE CVE-2018-15751 page
Описание
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2016.11.10-43.38.1
Ссылки
- CVE-2018-15750
- SUSE Bug 1113698
Описание
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Затронутые продукты
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2016.11.10-43.38.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2016.11.10-43.38.1
Ссылки
- CVE-2018-15751
- SUSE Bug 1113698
- SUSE Bug 1113699