Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:4174-1

Опубликовано: 18 дек. 2018
Источник: suse-cvrf

Описание

Security update for salt

This update for salt fixes the following issues:

Security issues fixed:

  • CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698).
  • CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699).

Non-security issues fixed:

  • Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784).
  • Fixed async call to process manager (bsc#1110938)
  • Fixed OS arch detection when RPM is not installed (bsc#1114197)
  • Crontab module fix: file attributes option missing (bsc#1114824)
  • Fix git_pillar merging across multiple env repositories (bsc#1112874)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
python2-salt-2018.3.0-lp150.3.17.1
python3-salt-2018.3.0-lp150.3.17.1
salt-2018.3.0-lp150.3.17.1
salt-api-2018.3.0-lp150.3.17.1
salt-bash-completion-2018.3.0-lp150.3.17.1
salt-cloud-2018.3.0-lp150.3.17.1
salt-doc-2018.3.0-lp150.3.17.1
salt-fish-completion-2018.3.0-lp150.3.17.1
salt-master-2018.3.0-lp150.3.17.1
salt-minion-2018.3.0-lp150.3.17.1
salt-proxy-2018.3.0-lp150.3.17.1
salt-ssh-2018.3.0-lp150.3.17.1
salt-syndic-2018.3.0-lp150.3.17.1
salt-zsh-completion-2018.3.0-lp150.3.17.1

Ссылки

Описание

Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.

Затронутые продукты
openSUSE Leap 15.0:python2-salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:python3-salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:salt-api-2018.3.0-lp150.3.17.1
Ссылки

Описание

SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).

Затронутые продукты
openSUSE Leap 15.0:python2-salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:python3-salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:salt-2018.3.0-lp150.3.17.1
openSUSE Leap 15.0:salt-api-2018.3.0-lp150.3.17.1
Ссылки
Уязвимость openSUSE-SU-2018:4174-1