Description
Security update for salt
This update for salt fixes the following issues:
- Check if dpkgnotify is executable (bsc#1186674)
- Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)
- Drop support for Python2. Obsoletes python2-salt package (jsc#SLE-18028)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Remove duplicate directories
Package list
Image SLES15-SP3-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-HPC-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-HPC-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-api-3002.2-8.41.8.1
salt-master-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-api-3002.2-8.41.8.1
salt-master-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-api-3002.2-8.41.8.1
salt-master-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-Micro-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-transactional-update-3002.2-8.41.8.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
Image SLES15-SP3-SAP-BYOS-Azure
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
Image SLES15-SP3-SAP-BYOS-GCE
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
python3-salt-3002.2-8.41.8.1
salt-3002.2-8.41.8.1
salt-bash-completion-3002.2-8.41.8.1
salt-doc-3002.2-8.41.8.1
salt-minion-3002.2-8.41.8.1
salt-zsh-completion-3002.2-8.41.8.1
SUSE Linux Enterprise Module for Server Applications 15 SP3
salt-api-3002.2-8.41.8.1
salt-cloud-3002.2-8.41.8.1
salt-fish-completion-3002.2-8.41.8.1
salt-master-3002.2-8.41.8.1
salt-proxy-3002.2-8.41.8.1
salt-ssh-3002.2-8.41.8.1
salt-standalone-formulas-configuration-3002.2-8.41.8.1
salt-syndic-3002.2-8.41.8.1
SUSE Linux Enterprise Module for Transactional Server 15 SP3
salt-transactional-update-3002.2-8.41.8.1
References
- Link for SUSE-SU-2021:1951-1
- E-Mail link for SUSE-SU-2021:1951-1
- SUSE Security Ratings
- SUSE Bug 1185281
- SUSE Bug 1186674
- SUSE CVE CVE-2021-31607 page
Description
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).
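The flaw class described above, as an added illustration that is not Salt's code: a file name pasted into a shell command string next to the same call made with an argument list. The function names, the use of `cat`, the marker string and the constructed file name are assumptions for the demo.

```python
import os
import subprocess
import tempfile

MARKER = "INJECTED"  # harmless marker that shows when the shell ran extra input


def read_via_shell_string(path):
    """Vulnerable pattern: the path becomes part of text that /bin/sh parses."""
    # Wrapping the name in quotes does not help; the name itself can close them.
    cmd = "cat '{}'".format(path)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def read_via_argv(path):
    """Hardened pattern: no shell, the path is passed as exactly one argument."""
    return subprocess.run(["cat", "--", path], capture_output=True, text=True).stdout


def demo():
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed file name: legal on Linux, contains a quote and semicolons.
        name = "report'; echo {}; '".format(MARKER)
        path = os.path.join(workdir, name)
        with open(path, "w") as fh:
            fh.write("file body\n")
        return read_via_shell_string(path), read_via_argv(path)


if __name__ == "__main__":
    unsafe_out, safe_out = demo()
    print("shell string :", repr(unsafe_out))  # marker printed, file never read
    print("argv list    :", repr(safe_out))    # file content, name kept literal
```

Any code path that hands file names found on disk to `os.popen`, `os.system` or `subprocess` with `shell=True` is worth auditing for the same pattern.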
Affected products
Image SLES15-SP3-BYOS-Azure:python3-salt-3002.2-8.41.8.1
Image SLES15-SP3-BYOS-Azure:salt-3002.2-8.41.8.1
Image SLES15-SP3-BYOS-Azure:salt-minion-3002.2-8.41.8.1
Image SLES15-SP3-BYOS-EC2-HVM:python3-salt-3002.2-8.41.8.1
References
- CVE-2021-31607
- SUSE Bug 1185281
- SUSE Bug 1210934