This update for salt fixes the following issues:
Changes in salt:
- Security issues fixed:
  * CVE-2025-67724: fixed missing validation of supplied reason phrase (bsc#1254903)
  * CVE-2025-67725: fixed DoS via malicious HTTP request (bsc#1254905)
  * CVE-2025-67726: fixed HTTP header parameter parsing algorithm (bsc#1254904)
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved performance of wheel key.finger call (bsc#1240532)
- Improved performance of utils.find_json function (bsc#1246130)
- Extend warn_until period to 2027
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-430=1
- openSUSE Leap 16.0:
python313-salt-3006.0-160000.4.1
python313-salt-testsuite-3006.0-160000.4.1
salt-3006.0-160000.4.1
salt-api-3006.0-160000.4.1
salt-bash-completion-3006.0-160000.4.1
salt-cloud-3006.0-160000.4.1
salt-doc-3006.0-160000.4.1
salt-fish-completion-3006.0-160000.4.1
salt-master-3006.0-160000.4.1
salt-minion-3006.0-160000.4.1
salt-proxy-3006.0-160000.4.1
salt-ssh-3006.0-160000.4.1
salt-standalone-formulas-configuration-3006.0-160000.4.1
salt-syndic-3006.0-160000.4.1
salt-transactional-update-3006.0-160000.4.1
salt-zsh-completion-3006.0-160000.4.1
* bsc#1240532
* bsc#1246130
* bsc#1254325
* bsc#1254903
* bsc#1254904
* bsc#1254905
References:
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2025-67726.html