Описание
Security update for salt
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
Список пакетов
Image SLES15-SP2-BYOS-Azure
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
Image SLES15-SP2-HPC-BYOS-Azure
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
Image SLES15-SP2-SAP-BYOS-Azure
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
Image SLES15-SP2-SAP-BYOS-EC2-HVM
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
Image SLES15-SP2-SAP-BYOS-GCE
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
SUSE Enterprise Storage 7
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-api-3006.0-150200.101.2
salt-bash-completion-3006.0-150200.101.2
salt-cloud-3006.0-150200.101.2
salt-doc-3006.0-150200.101.2
salt-fish-completion-3006.0-150200.101.2
salt-master-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-proxy-3006.0-150200.101.2
salt-ssh-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
salt-syndic-3006.0-150200.101.2
salt-transactional-update-3006.0-150200.101.2
salt-zsh-completion-3006.0-150200.101.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-api-3006.0-150200.101.2
salt-bash-completion-3006.0-150200.101.2
salt-cloud-3006.0-150200.101.2
salt-doc-3006.0-150200.101.2
salt-fish-completion-3006.0-150200.101.2
salt-master-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-proxy-3006.0-150200.101.2
salt-ssh-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
salt-syndic-3006.0-150200.101.2
salt-zsh-completion-3006.0-150200.101.2
SUSE Linux Enterprise Server 15 SP2-LTSS
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-api-3006.0-150200.101.2
salt-bash-completion-3006.0-150200.101.2
salt-cloud-3006.0-150200.101.2
salt-doc-3006.0-150200.101.2
salt-fish-completion-3006.0-150200.101.2
salt-master-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-proxy-3006.0-150200.101.2
salt-ssh-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
salt-syndic-3006.0-150200.101.2
salt-transactional-update-3006.0-150200.101.2
salt-zsh-completion-3006.0-150200.101.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
python3-salt-3006.0-150200.101.2
salt-3006.0-150200.101.2
salt-api-3006.0-150200.101.2
salt-bash-completion-3006.0-150200.101.2
salt-cloud-3006.0-150200.101.2
salt-doc-3006.0-150200.101.2
salt-fish-completion-3006.0-150200.101.2
salt-master-3006.0-150200.101.2
salt-minion-3006.0-150200.101.2
salt-proxy-3006.0-150200.101.2
salt-ssh-3006.0-150200.101.2
salt-standalone-formulas-configuration-3006.0-150200.101.2
salt-syndic-3006.0-150200.101.2
salt-transactional-update-3006.0-150200.101.2
salt-zsh-completion-3006.0-150200.101.2
Ссылки
- Link for SUSE-SU-2023:3131-1
- E-Mail link for SUSE-SU-2023:3131-1
- SUSE Security Ratings
- SUSE Bug 1210994
- SUSE Bug 1211591
- SUSE Bug 1211741
- SUSE CVE CVE-2023-28370 page
Описание
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
Затронутые продукты
Image SLES15-SP2-BYOS-Azure:python3-salt-3006.0-150200.101.2
Image SLES15-SP2-BYOS-Azure:salt-3006.0-150200.101.2
Image SLES15-SP2-BYOS-Azure:salt-minion-3006.0-150200.101.2
Image SLES15-SP2-HPC-BYOS-Azure:python3-salt-3006.0-150200.101.2
Ссылки
- CVE-2023-28370
- SUSE Bug 1211741