SUSE-SU-2021:3555-1

Опубликовано: 27 окт. 2021

Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

Support querying for JSON data in external sql pillar.
Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265, CVE-2021-21996)

Список пакетов

Image SLES15-SP1-Azure-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-Azure-HPC-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-EC2-HPC-HVM-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-EC2-HVM-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-GCE-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-SAP-Azure-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-SAP-EC2-HVM-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-SAP-GCE

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

Image SLES15-SP1-SAP-GCE-BYOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-minion-3002.2-48.4

SUSE Enterprise Storage 6

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

SUSE Linux Enterprise Server 15 SP1-BCL

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

SUSE Linux Enterprise Server 15 SP1-LTSS

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

SUSE Linux Enterprise Server for SAP Applications 15 SP1

python3-salt-3002.2-48.4

salt-3002.2-48.4

salt-api-3002.2-48.4

salt-bash-completion-3002.2-48.4

salt-cloud-3002.2-48.4

salt-doc-3002.2-48.4

salt-fish-completion-3002.2-48.4

salt-master-3002.2-48.4

salt-minion-3002.2-48.4

salt-proxy-3002.2-48.4

salt-ssh-3002.2-48.4

salt-standalone-formulas-configuration-3002.2-48.4

salt-syndic-3002.2-48.4

salt-transactional-update-3002.2-48.4

salt-zsh-completion-3002.2-48.4

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213555-1/
Link for SUSE-SU-2021:3555-1
https://lists.suse.com/pipermail/sle-security-updates/2021-October/009662.html
E-Mail link for SUSE-SU-2021:3555-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190265
SUSE Bug 1190265
https://www.suse.com/security/cve/CVE-2021-21996/
SUSE CVE CVE-2021-21996 page

Описание

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

Затронутые продукты

Image SLES15-SP1-Azure-BYOS:python3-salt-3002.2-48.4

Image SLES15-SP1-Azure-BYOS:salt-3002.2-48.4

Image SLES15-SP1-Azure-BYOS:salt-minion-3002.2-48.4

Image SLES15-SP1-Azure-HPC-BYOS:python3-salt-3002.2-48.4

Ссылки

https://www.suse.com/security/cve/CVE-2021-21996.html
CVE-2021-21996
https://bugzilla.suse.com/1190265
SUSE Bug 1190265
https://bugzilla.suse.com/1210934
SUSE Bug 1210934

SUSE-SU-2021:3555-1

Описание

Список пакетов

Image SLES15-SP1-Azure-BYOS

Image SLES15-SP1-Azure-HPC-BYOS

Image SLES15-SP1-EC2-HPC-HVM-BYOS

Image SLES15-SP1-EC2-HVM-BYOS

Image SLES15-SP1-GCE-BYOS

Image SLES15-SP1-SAP-Azure-BYOS

Image SLES15-SP1-SAP-EC2-HVM-BYOS

Image SLES15-SP1-SAP-GCE

Image SLES15-SP1-SAP-GCE-BYOS

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2021-21996

Описание

Затронутые продукты

Ссылки