Описание
Security update for salt
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
- CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).
Non-security issues fixed:
- Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
- Fixed async call to process manager (bsc#1110938).
- Fixed OS arch detection when RPM is not installed (bsc#1114197).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
python2-salt-2018.3.0-5.20.1
python3-salt-2018.3.0-5.20.1
salt-2018.3.0-5.20.1
salt-bash-completion-2018.3.0-5.20.1
salt-doc-2018.3.0-5.20.1
salt-minion-2018.3.0-5.20.1
salt-zsh-completion-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Server Applications 15
salt-api-2018.3.0-5.20.1
salt-cloud-2018.3.0-5.20.1
salt-fish-completion-2018.3.0-5.20.1
salt-master-2018.3.0-5.20.1
salt-proxy-2018.3.0-5.20.1
salt-ssh-2018.3.0-5.20.1
salt-syndic-2018.3.0-5.20.1
Ссылки
- Link for SUSE-SU-2018:3815-1
- E-Mail link for SUSE-SU-2018:3815-1
- SUSE Security Ratings
- SUSE Bug 1110938
- SUSE Bug 1113698
- SUSE Bug 1113699
- SUSE Bug 1113784
- SUSE Bug 1114197
- SUSE CVE CVE-2018-15750 page
- SUSE CVE CVE-2018-15751 page
Описание
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:python2-salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:python3-salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:salt-bash-completion-2018.3.0-5.20.1
Ссылки
- CVE-2018-15750
- SUSE Bug 1113698
Описание
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:python2-salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:python3-salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:salt-2018.3.0-5.20.1
SUSE Linux Enterprise Module for Basesystem 15:salt-bash-completion-2018.3.0-5.20.1
Ссылки
- CVE-2018-15751
- SUSE Bug 1113698
- SUSE Bug 1113699