Description
Security update for salt
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs 'env' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
Package list
Image SLES15-SP4-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-HPC-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Hardened-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Hardened-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Hardened-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Hardened-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-3-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-Micro-5-4-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-Hardened-BYOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro 5.3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
SUSE Linux Enterprise Micro 5.4
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
SUSE Linux Enterprise Server 15 SP4-LTSS
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
SUSE Manager Proxy 4.3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
SUSE Manager Server 4.3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-api-3006.0-150400.8.54.1
salt-bash-completion-3006.0-150400.8.54.1
salt-cloud-3006.0-150400.8.54.1
salt-doc-3006.0-150400.8.54.1
salt-fish-completion-3006.0-150400.8.54.1
salt-master-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-proxy-3006.0-150400.8.54.1
salt-ssh-3006.0-150400.8.54.1
salt-standalone-formulas-configuration-3006.0-150400.8.54.1
salt-syndic-3006.0-150400.8.54.1
salt-zsh-completion-3006.0-150400.8.54.1
openSUSE Leap Micro 5.3
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
openSUSE Leap Micro 5.4
python3-salt-3006.0-150400.8.54.1
salt-3006.0-150400.8.54.1
salt-minion-3006.0-150400.8.54.1
salt-transactional-update-3006.0-150400.8.54.1
References
- Link for SUSE-SU-2024:0509-1
- E-Mail link for SUSE-SU-2024:0509-1
- SUSE Security Ratings
- SUSE Bug 1193948
- SUSE Bug 1211649
- SUSE Bug 1215963
- SUSE Bug 1216284
- SUSE Bug 1219430
- SUSE Bug 1219431
- SUSE CVE CVE-2024-22231 page
- SUSE CVE CVE-2024-22232 page
Description
In the Salt project, syndic cache directory creation is vulnerable to a directory traversal attack, which can allow a malicious attacker to create an arbitrary directory on a Salt master.
Affected products
Image SLES15-SP4-BYOS-Azure:python3-salt-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-Azure:salt-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-Azure:salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-EC2:python3-salt-3006.0-150400.8.54.1
References
- CVE-2024-22231
- SUSE Bug 1219430
Description
A specially crafted URL can lead to a directory traversal in the Salt file server, allowing a malicious user to read an arbitrary file from a Salt master's filesystem.
Affected products
Image SLES15-SP4-BYOS-Azure:python3-salt-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-Azure:salt-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-Azure:salt-minion-3006.0-150400.8.54.1
Image SLES15-SP4-BYOS-EC2:python3-salt-3006.0-150400.8.54.1
References
- CVE-2024-22232
- SUSE Bug 1219431