
SUSE-SU-2020:1150-1

Published: 29 Apr 2020
Source: suse-cvrf

Description

Security update for salt

This update for salt fixes the following issues:

  • Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)

Package list

Image SLES15-SP1-Azure-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-EC2-HVM-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-GCE-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
python2-salt-2019.2.0-6.27.1
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-api-2019.2.0-6.27.1
salt-master-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
python2-salt-2019.2.0-6.27.1
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-api-2019.2.0-6.27.1
salt-master-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
python2-salt-2019.2.0-6.27.1
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-api-2019.2.0-6.27.1
salt-master-2019.2.0-6.27.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-SAP-GCE
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-SAP-GCE-BYOS
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
python3-salt-2019.2.0-6.27.1
salt-2019.2.0-6.27.1
salt-bash-completion-2019.2.0-6.27.1
salt-doc-2019.2.0-6.27.1
salt-minion-2019.2.0-6.27.1
salt-zsh-completion-2019.2.0-6.27.1
SUSE Linux Enterprise Module for Python 2 15 SP1
python2-salt-2019.2.0-6.27.1
SUSE Linux Enterprise Module for Server Applications 15 SP1
salt-api-2019.2.0-6.27.1
salt-cloud-2019.2.0-6.27.1
salt-fish-completion-2019.2.0-6.27.1
salt-master-2019.2.0-6.27.1
salt-proxy-2019.2.0-6.27.1
salt-ssh-2019.2.0-6.27.1
salt-standalone-formulas-configuration-2019.2.0-6.27.1
salt-syndic-2019.2.0-6.27.1

Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.


Affected products
Image SLES15-SP1-Azure-BYOS:python3-salt-2019.2.0-6.27.1
Image SLES15-SP1-Azure-BYOS:salt-2019.2.0-6.27.1
Image SLES15-SP1-Azure-BYOS:salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-2019.2.0-6.27.1


Description

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.


Affected products
Image SLES15-SP1-Azure-BYOS:python3-salt-2019.2.0-6.27.1
Image SLES15-SP1-Azure-BYOS:salt-2019.2.0-6.27.1
Image SLES15-SP1-Azure-BYOS:salt-minion-2019.2.0-6.27.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-2019.2.0-6.27.1
