Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: 2020:1974-1 Moderate: Salt Security Advisory Update

suse
Calendar Grey July 21, 2020
Dist Suse Esm H88
This Red Hat patch resolves significant vulnerabilities in Ansible with eight enhancements and modifications promoting improved reliability and protection.
An update that solves four vulnerabilities and has 7 fixes is now available

Summary

This update for salt contains the following fixes: - Fix for TypeError in Tornado importer (bsc#1174165) - Require python3-distro only for TW (bsc#1173072) - Update to Salt version 3000: See release notes: https://docs.saltproject.io/en/latest/topics/releases/3000.html - Add docker.logout to docker execution module. (bsc#1165572) - Add option to enable/disable force refresh for zypper. - Add publish_batch to ClearFuncs exposed methods. - Adds test for zypper abbreviation fix. - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions. (bsc#1169604) - Avoid traceback on debug logging for swarm module. (bsc#1172075) - Batch mode now also correctly provides return value. (bsc#1168340) - Better import cache handline.

References

#1159284 #1165572 #1167437 #1168340 #1169604

#1170104 #1170288 #1171906 #1172075 #1173072

#1174165

Cross- CVE-2018-15750 CVE-2018-15751 CVE-2020-11651

CVE-2020-11652

Affected Products:

SUSE Linux Enterprise Module for Server Applications 15-SP1

SUSE Linux Enterprise Module for Python2 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP1

https://www.suse.com/security/cve/CVE-2018-15750.html

https://www.suse.com/security/cve/CVE-2018-15751.html

https://www.suse.com/security/cve/CVE-2020-11651.html

https://www.suse.com/security/cve/CVE-2020-11652.html

https://bugzilla.suse.com/1159284

https://bugzilla.suse.com/1165572

https://bugzilla.suse.com/1167437

https://bugzilla.suse.com/1168340

https://bugzilla.suse.com/1169604

Announcement ID: SUSE-SU-2020:1974-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here