SUSE-SU-2018:3862-1

Опубликовано: 22 нояб. 2018

Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

Security issues fixed:

CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).

Non-security issues fixed:

Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
Fix async call to process manager (bsc#1110938).
Fixed OS arch detection when RPM is not installed (bsc#1114197).

Список пакетов

SUSE Linux Enterprise Module for Advanced Systems Management 12

python2-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-api-2018.3.0-46.44.1

salt-bash-completion-2018.3.0-46.44.1

salt-cloud-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-master-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

salt-proxy-2018.3.0-46.44.1

salt-ssh-2018.3.0-46.44.1

salt-syndic-2018.3.0-46.44.1

salt-zsh-completion-2018.3.0-46.44.1

SUSE Linux Enterprise Point of Sale 12 SP2

python2-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

SUSE Manager Client Tools 12

python2-salt-2018.3.0-46.44.1

python3-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

SUSE Manager Proxy 3.0

python2-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-api-2018.3.0-46.44.1

salt-bash-completion-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-master-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

salt-proxy-2018.3.0-46.44.1

salt-ssh-2018.3.0-46.44.1

salt-syndic-2018.3.0-46.44.1

salt-zsh-completion-2018.3.0-46.44.1

SUSE Manager Proxy 3.1

python2-salt-2018.3.0-46.44.1

python3-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

SUSE Manager Proxy 3.2

python2-salt-2018.3.0-46.44.1

python3-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

SUSE Manager Server 3.0

python2-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-api-2018.3.0-46.44.1

salt-bash-completion-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-master-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

salt-proxy-2018.3.0-46.44.1

salt-ssh-2018.3.0-46.44.1

salt-syndic-2018.3.0-46.44.1

salt-zsh-completion-2018.3.0-46.44.1

SUSE Manager Server 3.1

python2-salt-2018.3.0-46.44.1

python3-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-api-2018.3.0-46.44.1

salt-bash-completion-2018.3.0-46.44.1

salt-cloud-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-master-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

salt-proxy-2018.3.0-46.44.1

salt-ssh-2018.3.0-46.44.1

salt-syndic-2018.3.0-46.44.1

salt-zsh-completion-2018.3.0-46.44.1

SUSE Manager Server 3.2

python2-salt-2018.3.0-46.44.1

python3-salt-2018.3.0-46.44.1

salt-2018.3.0-46.44.1

salt-api-2018.3.0-46.44.1

salt-bash-completion-2018.3.0-46.44.1

salt-cloud-2018.3.0-46.44.1

salt-doc-2018.3.0-46.44.1

salt-master-2018.3.0-46.44.1

salt-minion-2018.3.0-46.44.1

salt-proxy-2018.3.0-46.44.1

salt-ssh-2018.3.0-46.44.1

salt-syndic-2018.3.0-46.44.1

salt-zsh-completion-2018.3.0-46.44.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183862-1/
Link for SUSE-SU-2018:3862-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004871.html
E-Mail link for SUSE-SU-2018:3862-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1110938
SUSE Bug 1110938
https://bugzilla.suse.com/1113698
SUSE Bug 1113698
https://bugzilla.suse.com/1113699
SUSE Bug 1113699
https://bugzilla.suse.com/1113784
SUSE Bug 1113784
https://bugzilla.suse.com/1114197
SUSE Bug 1114197
https://www.suse.com/security/cve/CVE-2018-15750/
SUSE CVE CVE-2018-15750 page
https://www.suse.com/security/cve/CVE-2018-15751/
SUSE CVE CVE-2018-15751 page

Описание

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

Затронутые продукты

SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-2018.3.0-46.44.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-15750.html
CVE-2018-15750
https://bugzilla.suse.com/1113698
SUSE Bug 1113698

Описание

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

Затронутые продукты

SUSE Linux Enterprise Module for Advanced Systems Management 12:python2-salt-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-api-2018.3.0-46.44.1

SUSE Linux Enterprise Module for Advanced Systems Management 12:salt-bash-completion-2018.3.0-46.44.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-15751.html
CVE-2018-15751
https://bugzilla.suse.com/1113698
SUSE Bug 1113698
https://bugzilla.suse.com/1113699
SUSE Bug 1113699

SUSE-SU-2018:3862-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Advanced Systems Management 12

SUSE Linux Enterprise Point of Sale 12 SP2

SUSE Manager Client Tools 12

SUSE Manager Proxy 3.0

SUSE Manager Proxy 3.1

SUSE Manager Proxy 3.2

SUSE Manager Server 3.0

SUSE Manager Server 3.1

SUSE Manager Server 3.2

Ссылки

Уязвимость: CVE-2018-15750

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2018-15751

Описание

Затронутые продукты

Ссылки