Описание
Security update for salt
This update for salt fixes the following issues:
- Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
Список пакетов
Image SLES15-SAP-Azure-BYOS
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
Image SLES15-SAP-EC2-HVM-BYOS
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
Image SLES15-SAP-GCE-BYOS
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
python2-salt-2019.2.0-5.67.1
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-api-2019.2.0-5.67.1
salt-bash-completion-2019.2.0-5.67.1
salt-cloud-2019.2.0-5.67.1
salt-doc-2019.2.0-5.67.1
salt-fish-completion-2019.2.0-5.67.1
salt-master-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
salt-proxy-2019.2.0-5.67.1
salt-ssh-2019.2.0-5.67.1
salt-standalone-formulas-configuration-2019.2.0-5.67.1
salt-syndic-2019.2.0-5.67.1
salt-zsh-completion-2019.2.0-5.67.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
python2-salt-2019.2.0-5.67.1
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-api-2019.2.0-5.67.1
salt-bash-completion-2019.2.0-5.67.1
salt-cloud-2019.2.0-5.67.1
salt-doc-2019.2.0-5.67.1
salt-fish-completion-2019.2.0-5.67.1
salt-master-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
salt-proxy-2019.2.0-5.67.1
salt-ssh-2019.2.0-5.67.1
salt-standalone-formulas-configuration-2019.2.0-5.67.1
salt-syndic-2019.2.0-5.67.1
salt-zsh-completion-2019.2.0-5.67.1
SUSE Linux Enterprise Server 15-LTSS
python2-salt-2019.2.0-5.67.1
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-api-2019.2.0-5.67.1
salt-bash-completion-2019.2.0-5.67.1
salt-cloud-2019.2.0-5.67.1
salt-doc-2019.2.0-5.67.1
salt-fish-completion-2019.2.0-5.67.1
salt-master-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
salt-proxy-2019.2.0-5.67.1
salt-ssh-2019.2.0-5.67.1
salt-standalone-formulas-configuration-2019.2.0-5.67.1
salt-syndic-2019.2.0-5.67.1
salt-zsh-completion-2019.2.0-5.67.1
SUSE Linux Enterprise Server for SAP Applications 15
python2-salt-2019.2.0-5.67.1
python3-salt-2019.2.0-5.67.1
salt-2019.2.0-5.67.1
salt-api-2019.2.0-5.67.1
salt-bash-completion-2019.2.0-5.67.1
salt-cloud-2019.2.0-5.67.1
salt-doc-2019.2.0-5.67.1
salt-fish-completion-2019.2.0-5.67.1
salt-master-2019.2.0-5.67.1
salt-minion-2019.2.0-5.67.1
salt-proxy-2019.2.0-5.67.1
salt-ssh-2019.2.0-5.67.1
salt-standalone-formulas-configuration-2019.2.0-5.67.1
salt-syndic-2019.2.0-5.67.1
salt-zsh-completion-2019.2.0-5.67.1
Ссылки
- Link for SUSE-SU-2020:1151-1
- E-Mail link for SUSE-SU-2020:1151-1
- SUSE Security Ratings
- SUSE Bug 1170595
- SUSE CVE CVE-2020-11651 page
- SUSE CVE CVE-2020-11652 page
Описание
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:python3-salt-2019.2.0-5.67.1
Image SLES15-SAP-Azure-BYOS:salt-2019.2.0-5.67.1
Image SLES15-SAP-Azure-BYOS:salt-minion-2019.2.0-5.67.1
Image SLES15-SAP-EC2-HVM-BYOS:python3-salt-2019.2.0-5.67.1
Ссылки
- CVE-2020-11651
- SUSE Bug 1170595
Описание
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
Затронутые продукты
Image SLES15-SAP-Azure-BYOS:python3-salt-2019.2.0-5.67.1
Image SLES15-SAP-Azure-BYOS:salt-2019.2.0-5.67.1
Image SLES15-SAP-Azure-BYOS:salt-minion-2019.2.0-5.67.1
Image SLES15-SAP-EC2-HVM-BYOS:python3-salt-2019.2.0-5.67.1
Ссылки
- CVE-2020-11652
- SUSE Bug 1170595