Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0631-1

Опубликовано: 26 фев. 2021
Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

  • Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
  • Allow extra_filerefs as sanitized kwargs for SSH client
  • Fix errors with virt.update
  • Fix for multiple for security issues (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
  • virt: search for grub.xen path
  • Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs
  • virt UEFI fix: virt.update when efi=True

Список пакетов

Image SLES15-SP1-Azure-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-EC2-HVM-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-GCE-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
python3-salt-3000-24.1
salt-3000-24.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-master-3000-24.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
python3-salt-3000-24.1
salt-3000-24.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-master-3000-24.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
python3-salt-3000-24.1
salt-3000-24.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-master-3000-24.1
Image SLES15-SP1-SAP-Azure-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-SAP-GCE
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
Image SLES15-SP1-SAP-GCE-BYOS
python3-salt-3000-24.1
salt-3000-24.1
salt-minion-3000-24.1
SUSE Enterprise Storage 6
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Linux Enterprise Server 15 SP1-BCL
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Linux Enterprise Server 15 SP1-LTSS
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Manager Proxy 4.0
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Manager Retail Branch Server 4.0
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1
SUSE Manager Server 4.0
python2-salt-3000-24.1
python3-salt-3000-24.1
salt-3000-24.1
salt-api-3000-24.1
salt-bash-completion-3000-24.1
salt-cloud-3000-24.1
salt-doc-3000-24.1
salt-fish-completion-3000-24.1
salt-master-3000-24.1
salt-minion-3000-24.1
salt-proxy-3000-24.1
salt-ssh-3000-24.1
salt-standalone-formulas-configuration-3000-24.1
salt-syndic-3000-24.1
salt-zsh-completion-3000-24.1

Ссылки

Описание

An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки

Описание

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Затронутые продукты
Image SLES15-SP1-Azure-BYOS:python3-salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-3000-24.1
Image SLES15-SP1-Azure-BYOS:salt-minion-3000-24.1
Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3000-24.1
Ссылки
Уязвимость SUSE-SU-2021:0631-1