SUSE: 2020:3244-1 Critical: Salt Security Fixes and Update
suse
November 6, 2020
An update that solves three vulnerabilities and has 7 fixes is now available
Summary
This update fixes the following issues: salt: - Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string (bsc#1178485) - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) - Fix disk.blkid to avoid unexpected keyword argument '__pub_user' (bsc#1177867) - Ensure virt.update stop_on_reboot is updated with its default value - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Support systemd versions with dot (bsc#1176294) - Fix for grains.test_core unit test - Fix file/directory user and group ownership containing UTF-8 characters (bsc#1176024) - Several changes to virtualization: - Fix virt update when cpu and memory are changed
References
#1159670 #1175987 #1176024 #1176294 #1176397
#1177867 #1178319 #1178361 #1178362 #1178485
Cross- CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1159670
https://bugzilla.suse.com/1175987
https://bugzilla.suse.com/1176024
https://bugzilla.suse.com/1176294
https://bugzilla.suse.com/1176397
https://bugzilla.suse.com/1177867
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!