Description
Security update for salt
This update for salt fixes the following issues:
- Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
Package list
Image SLES12-SP4-Azure-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-EC2-HVM-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-GCE-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-SAP-Azure-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-SAP-GCE-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-Azure-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-Azure-HPC-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-Azure-SAP-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-EC2-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-EC2-SAP-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-GCE-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
Image SLES12-SP5-GCE-SAP-BYOS
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-api-2019.2.0-46.91.1
salt-bash-completion-2019.2.0-46.91.1
salt-cloud-2019.2.0-46.91.1
salt-doc-2019.2.0-46.91.1
salt-master-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
salt-proxy-2019.2.0-46.91.1
salt-ssh-2019.2.0-46.91.1
salt-standalone-formulas-configuration-2019.2.0-46.91.1
salt-syndic-2019.2.0-46.91.1
salt-zsh-completion-2019.2.0-46.91.1
SUSE Linux Enterprise Point of Sale 12 SP2
python2-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
SUSE Manager Client Tools 12
python2-salt-2019.2.0-46.91.1
python3-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-doc-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
SUSE Manager Proxy 3.2
python2-salt-2019.2.0-46.91.1
python3-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
SUSE Manager Server 3.2
python2-salt-2019.2.0-46.91.1
python3-salt-2019.2.0-46.91.1
salt-2019.2.0-46.91.1
salt-api-2019.2.0-46.91.1
salt-bash-completion-2019.2.0-46.91.1
salt-cloud-2019.2.0-46.91.1
salt-doc-2019.2.0-46.91.1
salt-master-2019.2.0-46.91.1
salt-minion-2019.2.0-46.91.1
salt-proxy-2019.2.0-46.91.1
salt-ssh-2019.2.0-46.91.1
salt-standalone-formulas-configuration-2019.2.0-46.91.1
salt-syndic-2019.2.0-46.91.1
salt-zsh-completion-2019.2.0-46.91.1
References
- Link for SUSE-SU-2020:1147-1
- E-Mail link for SUSE-SU-2020:1147-1
- SUSE Security Ratings
- SUSE Bug 1170595
- SUSE CVE CVE-2020-11651 page
- SUSE CVE CVE-2020-11652 page
Description
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Affected products
Image SLES12-SP4-Azure-BYOS:python2-salt-2019.2.0-46.91.1
Image SLES12-SP4-Azure-BYOS:salt-2019.2.0-46.91.1
Image SLES12-SP4-Azure-BYOS:salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-EC2-HVM-BYOS:python2-salt-2019.2.0-46.91.1
References
- CVE-2020-11651
- SUSE Bug 1170595
Description
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Affected products
Image SLES12-SP4-Azure-BYOS:python2-salt-2019.2.0-46.91.1
Image SLES12-SP4-Azure-BYOS:salt-2019.2.0-46.91.1
Image SLES12-SP4-Azure-BYOS:salt-minion-2019.2.0-46.91.1
Image SLES12-SP4-EC2-HVM-BYOS:python2-salt-2019.2.0-46.91.1
References
- CVE-2020-11652
- SUSE Bug 1170595