Explore top 10 tips to secure your open-source projects now. Read More
×
This update for salt fixes the following issues: Security issues fixed: - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). Non-security issues fixed: - Improved handling of LDAP group id. gid is no longer treated as a string, which could have lead to faulty group creations (bsc#1113784). - Fix async call to process manager (bsc#1110938). - Fixed OS arch detection when RPM is not installed (bsc#1114197). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12:
#1110938 #1113698 #1113699 #1113784 #1114197
Cross- CVE-2018-15750 CVE-2018-15751
Affected Products:
SUSE Manager Tools 12
SUSE Manager Server 3.2
SUSE Manager Server 3.1
SUSE Manager Server 3.0
SUSE Manager Proxy 3.2
SUSE Manager Proxy 3.1
SUSE Manager Proxy 3.0
SUSE Linux Enterprise Point of Sale 12-SP2
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE CaaS Platform 3.0
OpenStack Cloud Magnum Orchestration 7
https://www.suse.com/security/cve/CVE-2018-15750.html
https://www.suse.com/security/cve/CVE-2018-15751.html
https://bugzilla.suse.com/1110938
https://bugzilla.suse.com/1113698
https://bugzilla.suse.com/1113699
https://bugzilla.suse.com/1113784
https://bugzilla.suse.com/1114197
Get the latest Linux and open source security news straight to your inbox.