SUSE: 2020:0763-1 important: Security Beta Salt
Summary
This update fixes the following issues: salt: - Requiring python3-distro only for openSUSE/SLE >= 15 - Use full option name instead of undocumented abbreviation for zypper - Python-distro is only needed for > Python 3.7. Removing it for Python 2 - Fixed a local privilege escalation to root (bsc#1157465) (CVE-2019-18897) - Fix unit tests failures in test_batch_async tests - Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327) - RHEL/CentOS 8 uses platform-python instead of python3 - Enable build for Python 3.8 - Update to Salt version 2019.2.3 (bsc#1163981) (bsc#1162504) - Replacing pycrypto with M2Crypto (bsc#1165425) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-2020-763=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): python2-salt-2019.2.3-8.12.1 python3-salt-2019.2.3-8.12.1 salt-2019.2.3-8.12.1 salt-api-2019.2.3-8.12.1 salt-cloud-2019.2.3-8.12.1 salt-doc-2019.2.3-8.12.1 salt-master-2019.2.3-8.12.1 salt-minion-2019.2.3-8.12.1 salt-proxy-2019.2.3-8.12.1 salt-ssh-2019.2.3-8.12.1 salt-standalone-formulas-configuration-2019.2.3-8.12.1 salt-syndic-2019.2.3-8.12.1 - SUSE Manager Tools 15-BETA (noarch): salt-bash-completion-2019.2.3-8.12.1 salt-fish-completion-2019.2.3-8.12.1 salt-zsh-completion-2019.2.3-8.12.1
References
#1157465 #1162327 #1162504 #1163981 #1165425
Cross- CVE-2019-18897
Affected Products:
SUSE Manager Tools 15-BETA
https://www.suse.com/security/cve/CVE-2019-18897.html
https://bugzilla.suse.com/1157465
https://bugzilla.suse.com/1162327
https://bugzilla.suse.com/1162504
https://bugzilla.suse.com/1163981
https://bugzilla.suse.com/1165425