SUSE-SU-2022:2159-1

Опубликовано: 23 июн. 2022

Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass authentication when using PAM (bsc#1200566)

Список пакетов

SUSE Enterprise Storage 6

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

SUSE Linux Enterprise Server 15 SP1-BCL

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

SUSE Linux Enterprise Server 15 SP1-LTSS

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

python3-salt-3004-150100.71.1

salt-3004-150100.71.1

salt-api-3004-150100.71.1

salt-bash-completion-3004-150100.71.1

salt-cloud-3004-150100.71.1

salt-doc-3004-150100.71.1

salt-fish-completion-3004-150100.71.1

salt-master-3004-150100.71.1

salt-minion-3004-150100.71.1

salt-proxy-3004-150100.71.1

salt-ssh-3004-150100.71.1

salt-standalone-formulas-configuration-3004-150100.71.1

salt-syndic-3004-150100.71.1

salt-transactional-update-3004-150100.71.1

salt-zsh-completion-3004-150100.71.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222159-1/
Link for SUSE-SU-2022:2159-1
https://lists.suse.com/pipermail/sle-security-updates/2022-June/011334.html
E-Mail link for SUSE-SU-2022:2159-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1200566
SUSE Bug 1200566
https://www.suse.com/security/cve/CVE-2022-22967/
SUSE CVE CVE-2022-22967 page

Описание

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.

Затронутые продукты

SUSE Enterprise Storage 6:python3-salt-3004-150100.71.1

SUSE Enterprise Storage 6:salt-3004-150100.71.1

SUSE Enterprise Storage 6:salt-api-3004-150100.71.1

SUSE Enterprise Storage 6:salt-bash-completion-3004-150100.71.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-22967.html
CVE-2022-22967
https://bugzilla.suse.com/1200566
SUSE Bug 1200566

SUSE-SU-2022:2159-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

Ссылки

Уязвимость: CVE-2022-22967

Описание

Затронутые продукты

Ссылки