
openSUSE Leap 16.0 Salt Significant Security Fix 20412-1 CVE-2025-67725 DoS

opensuse
March 28, 2026
openSUSE releases an important update for salt fixing critical security issues and bugs, improving overall performance.
An update that solves 4 vulnerabilities and has 6 bug fixes can now be installed.

Description

This update for salt fixes the following issues:

Changes in salt:

- Security issues fixed:

* CVE-2025-67724: fixed missing validation of supplied reason phrase (bsc#1254903)

* CVE-2025-67725: fixed DoS via malicious HTTP request (bsc#1254905)

* CVE-2025-67726: fixed HTTP header parameter parsing algorithm (bsc#1254904)

- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)

- Use internal deb classes instead of external aptsource lib

- Improved performance of wheel key.finger call (bsc#1240532)

- Improved performance of utils.find_json function (bsc#1246130)

- Extend warn_until period to 2027

Patch instructions:

To install this openSUSE security update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-430=1


Package List

- openSUSE Leap 16.0:

python313-salt-3006.0-160000.4.1

python313-salt-testsuite-3006.0-160000.4.1

salt-3006.0-160000.4.1

salt-api-3006.0-160000.4.1

salt-bash-completion-3006.0-160000.4.1

salt-cloud-3006.0-160000.4.1

salt-doc-3006.0-160000.4.1

salt-fish-completion-3006.0-160000.4.1

salt-master-3006.0-160000.4.1

salt-minion-3006.0-160000.4.1

salt-proxy-3006.0-160000.4.1

salt-ssh-3006.0-160000.4.1

salt-standalone-formulas-configuration-3006.0-160000.4.1

salt-syndic-3006.0-160000.4.1

salt-transactional-update-3006.0-160000.4.1

salt-zsh-completion-3006.0-160000.4.1
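
To confirm the update is in place after patching, the following added example (not part of the SUSE advisory) compares installed salt package builds against the fixed release 3006.0-160000.4.1 from the package list above. The function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="3006.0-160000.4.1"

# True when version-release $1 sorts strictly below $2.
# Assumption: sort -V approximates RPM ordering for same-scheme strings.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints every salt
# package still below FIXED. Returns 1 if any were found, else 0.
salt_pkgs_below_fix() {
    stale=0
    while read -r name vr; do
        case "$name" in
            salt|salt-*|python313-salt|python313-salt-*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s (needs >= %s)\n' "$name" "$vr" "$FIXED"
            stale=1
        fi
    done
    return "$stale"
}

# Constructed inventory (not from a real host): the 160000.3.1 release
# is made up to stand in for a pre-update build.
sample_inventory() {
    cat <<'EOF'
salt-minion 3006.0-160000.3.1
salt-master 3006.0-160000.4.1
openssl 3.5.0-160000.1.1
EOF
}

# On a Leap 16.0 host, query the RPM database instead of the sample.
check_installed() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | salt_pkgs_below_fix
}

sample_inventory | salt_pkgs_below_fix || echo "salt update not fully applied"
```

On a real system, call `check_installed`; a non-zero exit status means at least one salt package is still below the fixed build.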

References

* bsc#1240532

* bsc#1246130

* bsc#1254325

* bsc#1254903

* bsc#1254904

* bsc#1254905

References:

* https://www.suse.com/security/cve/CVE-2025-13836.html

* https://www.suse.com/security/cve/CVE-2025-67724.html

* https://www.suse.com/security/cve/CVE-2025-67725.html

* https://www.suse.com/security/cve/CVE-2025-67726.html

Severity
important

Announcement ID: openSUSE-SU-2026:20412-1
Rating: important
Affected Products: openSUSE Leap 16.0
