Описание
Security update for salt
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set. (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module. (bsc#1211591)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
python3-salt-3006.0-150100.100.2
salt-3006.0-150100.100.2
salt-api-3006.0-150100.100.2
salt-bash-completion-3006.0-150100.100.2
salt-cloud-3006.0-150100.100.2
salt-doc-3006.0-150100.100.2
salt-fish-completion-3006.0-150100.100.2
salt-master-3006.0-150100.100.2
salt-minion-3006.0-150100.100.2
salt-proxy-3006.0-150100.100.2
salt-ssh-3006.0-150100.100.2
salt-standalone-formulas-configuration-3006.0-150100.100.2
salt-syndic-3006.0-150100.100.2
salt-transactional-update-3006.0-150100.100.2
salt-zsh-completion-3006.0-150100.100.2
SUSE Linux Enterprise Server 15 SP1-LTSS
python3-salt-3006.0-150100.100.2
salt-3006.0-150100.100.2
salt-api-3006.0-150100.100.2
salt-bash-completion-3006.0-150100.100.2
salt-cloud-3006.0-150100.100.2
salt-doc-3006.0-150100.100.2
salt-fish-completion-3006.0-150100.100.2
salt-master-3006.0-150100.100.2
salt-minion-3006.0-150100.100.2
salt-proxy-3006.0-150100.100.2
salt-ssh-3006.0-150100.100.2
salt-standalone-formulas-configuration-3006.0-150100.100.2
salt-syndic-3006.0-150100.100.2
salt-transactional-update-3006.0-150100.100.2
salt-zsh-completion-3006.0-150100.100.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
python3-salt-3006.0-150100.100.2
salt-3006.0-150100.100.2
salt-api-3006.0-150100.100.2
salt-bash-completion-3006.0-150100.100.2
salt-cloud-3006.0-150100.100.2
salt-doc-3006.0-150100.100.2
salt-fish-completion-3006.0-150100.100.2
salt-master-3006.0-150100.100.2
salt-minion-3006.0-150100.100.2
salt-proxy-3006.0-150100.100.2
salt-ssh-3006.0-150100.100.2
salt-standalone-formulas-configuration-3006.0-150100.100.2
salt-syndic-3006.0-150100.100.2
salt-transactional-update-3006.0-150100.100.2
salt-zsh-completion-3006.0-150100.100.2
Ссылки
- Link for SUSE-SU-2023:3123-1
- E-Mail link for SUSE-SU-2023:3123-1
- SUSE Security Ratings
- SUSE Bug 1210994
- SUSE Bug 1211591
- SUSE Bug 1211741
- SUSE CVE CVE-2023-28370 page
Описание
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:python3-salt-3006.0-150100.100.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:salt-3006.0-150100.100.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:salt-api-3006.0-150100.100.2
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:salt-bash-completion-3006.0-150100.100.2
Ссылки
- CVE-2023-28370
- SUSE Bug 1211741