
SUSE: 2020:14332-1 Important: Local Privilege Escalation Fix in Salt

March 24, 2020
SUSE Security Update tackles a significant vulnerability related to Salt, providing recommended fixes and crucial patch guidance for its user base.
An update that solves one vulnerability and has four fixes is now available.

Summary

This update fixes the following issues:

salt:

- Requiring python3-distro only for openSUSE/SLE >= 15
- Use full option name instead of undocumented abbreviation for zypper
- Python-distro is only needed for > Python 3.7. Removing it for Python 2
- Fixed a local privilege escalation to root (bsc#1157465) (CVE-2019-18897)
- Fix unit tests failures in test_batch_async tests
- Batch Async: Handle exceptions, properly unregister and close instances after running async batching to avoid CPU starvation of the MWorkers (bsc#1162327)
- RHEL/CentOS 8 uses platform-python instead of python3
- Enable build for Python 3.8
- Update to Salt version 2019.2.3 (bsc#1163981) (bsc#1162504)
- Replacing pycrypto with M2Crypto (bsc#1165425)

Patch Instructions:

References

#1157465 #1162327 #1162504 #1163981 #1165425

Cross-References: CVE-2019-18897

Affected Products:

SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA

https://www.suse.com/security/cve/CVE-2019-18897.html

https://bugzilla.suse.com/1157465

https://bugzilla.suse.com/1162327

https://bugzilla.suse.com/1162504

https://bugzilla.suse.com/1163981

https://bugzilla.suse.com/1165425

Severity
important

Announcement ID: SUSE-SU-2020:14332-1
Rating: important
