What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3244-1
Rating:             critical
References:         #1159670 #1175987 #1176024 #1176294 #1176397 
                    #1177867 #1178319 #1178361 #1178362 #1178485 
                    
Cross-References:   CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
                   
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that solves three vulnerabilities and has 7 fixes
   is now available.

Description:


   This update fixes the following issues:

   salt:

   - Avoid regression on "salt-master": set passphrase for salt-ssh keys to
     empty string (bsc#1178485)
   - Properly validate eauth credentials and tokens on SSH calls made by Salt
     API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592,
     CVE-2020-17490, CVE-2020-16846)
   - Fix disk.blkid to avoid unexpected keyword argument '__pub_user'
     (bsc#1177867)
   - Ensure virt.update stop_on_reboot is updated with its default value
   - Do not break package building for systemd OSes
   - Drop wrong mock from chroot unit test
   - Support systemd versions with dot (bsc#1176294)
   - Fix for grains.test_core unit test
   - Fix file/directory user and group ownership containing UTF-8 characters     (bsc#1176024)
   - Several changes to virtualization:
     - Fix virt update when cpu and memory are changed
     - Memory Tuning GSoC
     - Properly fix memory setting regression in virt.update
     - Expose libvirt on_reboot in virt states
   - Support transactional systems (MicroOS)
   - Zypperpkg module ignores retcode 104 for search() (bsc#1159670)
   - Xen disk fixes. No longer generates volumes for Xen disks, but the
     corresponding file or block disk (bsc#1175987)
   - Invalidate file list cache when cache file modified time is in the
     future (bsc#1176397)
   - Prevent import errors when running test_btrfs unit tests


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3244=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3244=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3244=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3244=1



Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      python2-salt-3000-5.91.1
      python3-salt-3000-5.91.1
      salt-3000-5.91.1
      salt-api-3000-5.91.1
      salt-cloud-3000-5.91.1
      salt-doc-3000-5.91.1
      salt-master-3000-5.91.1
      salt-minion-3000-5.91.1
      salt-proxy-3000-5.91.1
      salt-ssh-3000-5.91.1
      salt-standalone-formulas-configuration-3000-5.91.1
      salt-syndic-3000-5.91.1

   - SUSE Linux Enterprise Server for SAP 15 (noarch):

      salt-bash-completion-3000-5.91.1
      salt-fish-completion-3000-5.91.1
      salt-zsh-completion-3000-5.91.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      python2-salt-3000-5.91.1
      python3-salt-3000-5.91.1
      salt-3000-5.91.1
      salt-api-3000-5.91.1
      salt-cloud-3000-5.91.1
      salt-doc-3000-5.91.1
      salt-master-3000-5.91.1
      salt-minion-3000-5.91.1
      salt-proxy-3000-5.91.1
      salt-ssh-3000-5.91.1
      salt-standalone-formulas-configuration-3000-5.91.1
      salt-syndic-3000-5.91.1

   - SUSE Linux Enterprise Server 15-LTSS (noarch):

      salt-bash-completion-3000-5.91.1
      salt-fish-completion-3000-5.91.1
      salt-zsh-completion-3000-5.91.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      python2-salt-3000-5.91.1
      python3-salt-3000-5.91.1
      salt-3000-5.91.1
      salt-api-3000-5.91.1
      salt-cloud-3000-5.91.1
      salt-doc-3000-5.91.1
      salt-master-3000-5.91.1
      salt-minion-3000-5.91.1
      salt-proxy-3000-5.91.1
      salt-ssh-3000-5.91.1
      salt-standalone-formulas-configuration-3000-5.91.1
      salt-syndic-3000-5.91.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):

      salt-bash-completion-3000-5.91.1
      salt-fish-completion-3000-5.91.1
      salt-zsh-completion-3000-5.91.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      python2-salt-3000-5.91.1
      python3-salt-3000-5.91.1
      salt-3000-5.91.1
      salt-api-3000-5.91.1
      salt-cloud-3000-5.91.1
      salt-doc-3000-5.91.1
      salt-master-3000-5.91.1
      salt-minion-3000-5.91.1
      salt-proxy-3000-5.91.1
      salt-ssh-3000-5.91.1
      salt-standalone-formulas-configuration-3000-5.91.1
      salt-syndic-3000-5.91.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):

      salt-bash-completion-3000-5.91.1
      salt-fish-completion-3000-5.91.1
      salt-zsh-completion-3000-5.91.1


References:

   https://www.suse.com/security/cve/CVE-2020-16846.html
   https://www.suse.com/security/cve/CVE-2020-17490.html
   https://www.suse.com/security/cve/CVE-2020-25592.html
   https://bugzilla.suse.com/1159670
   https://bugzilla.suse.com/1175987
   https://bugzilla.suse.com/1176024
   https://bugzilla.suse.com/1176294
   https://bugzilla.suse.com/1176397
   https://bugzilla.suse.com/1177867
   https://bugzilla.suse.com/1178319
   https://bugzilla.suse.com/1178361
   https://bugzilla.suse.com/1178362
   https://bugzilla.suse.com/1178485

SUSE: 2020:3244-1 critical: Salt

November 6, 2020
An update that solves three vulnerabilities and has 7 fixes is now available

Summary

This update fixes the following issues: salt: - Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user' (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Support systemd versions with dot (bsc#1176294) - Fix for grains.test_core unit test - Fix file/directory user and group ownership containing UTF-8 characters (bsc#1176024) - Several changes to virtualization: - Fix virt update when cpu and memory are changed - Memory Tuning GSoC - Properly fix memory setting regression in virt.update - Expose libvirt on_reboot in virt states - Support transactional systems (MicroOS) - Zypperpkg module ignores retcode 104 for search() (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk (bsc#1175987) - Invalidate file list cache when cache file modified time is in the future (bsc#1176397) - Prevent import errors when running test_btrfs unit tests Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3244=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3244=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3244=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3244=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python2-salt-3000-5.91.1 python3-salt-3000-5.91.1 salt-3000-5.91.1 salt-api-3000-5.91.1 salt-cloud-3000-5.91.1 salt-doc-3000-5.91.1 salt-master-3000-5.91.1 salt-minion-3000-5.91.1 salt-proxy-3000-5.91.1 salt-ssh-3000-5.91.1 salt-standalone-formulas-configuration-3000-5.91.1 salt-syndic-3000-5.91.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3000-5.91.1 salt-fish-completion-3000-5.91.1 salt-zsh-completion-3000-5.91.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python2-salt-3000-5.91.1 python3-salt-3000-5.91.1 salt-3000-5.91.1 salt-api-3000-5.91.1 salt-cloud-3000-5.91.1 salt-doc-3000-5.91.1 salt-master-3000-5.91.1 salt-minion-3000-5.91.1 salt-proxy-3000-5.91.1 salt-ssh-3000-5.91.1 salt-standalone-formulas-configuration-3000-5.91.1 salt-syndic-3000-5.91.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3000-5.91.1 salt-fish-completion-3000-5.91.1 salt-zsh-completion-3000-5.91.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python2-salt-3000-5.91.1 python3-salt-3000-5.91.1 salt-3000-5.91.1 salt-api-3000-5.91.1 salt-cloud-3000-5.91.1 salt-doc-3000-5.91.1 salt-master-3000-5.91.1 salt-minion-3000-5.91.1 salt-proxy-3000-5.91.1 salt-ssh-3000-5.91.1 salt-standalone-formulas-configuration-3000-5.91.1 salt-syndic-3000-5.91.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3000-5.91.1 salt-fish-completion-3000-5.91.1 salt-zsh-completion-3000-5.91.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python2-salt-3000-5.91.1 python3-salt-3000-5.91.1 salt-3000-5.91.1 salt-api-3000-5.91.1 salt-cloud-3000-5.91.1 salt-doc-3000-5.91.1 salt-master-3000-5.91.1 salt-minion-3000-5.91.1 salt-proxy-3000-5.91.1 salt-ssh-3000-5.91.1 salt-standalone-formulas-configuration-3000-5.91.1 salt-syndic-3000-5.91.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3000-5.91.1 salt-fish-completion-3000-5.91.1 salt-zsh-completion-3000-5.91.1

References

#1159670 #1175987 #1176024 #1176294 #1176397

#1177867 #1178319 #1178361 #1178362 #1178485

Cross- CVE-2020-16846 CVE-2020-17490 CVE-2020-25592

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2020-16846.html

https://www.suse.com/security/cve/CVE-2020-17490.html

https://www.suse.com/security/cve/CVE-2020-25592.html

https://bugzilla.suse.com/1159670

https://bugzilla.suse.com/1175987

https://bugzilla.suse.com/1176024

https://bugzilla.suse.com/1176294

https://bugzilla.suse.com/1176397

https://bugzilla.suse.com/1177867

https://bugzilla.suse.com/1178319

https://bugzilla.suse.com/1178361

https://bugzilla.suse.com/1178362

https://bugzilla.suse.com/1178485

Severity
Announcement ID: SUSE-SU-2020:3244-1
Rating: critical

Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo