Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 576
Alerts This Week
Warning Icon 1 576

SUSE 12-BETA: 2021:0915-1 Moderate: Salt Security Update

suse
Calendar Grey March 19, 2021
Dist Suse Esm H88
SUSE has released a security patch addressing 10 known vulnerabilities in Salt. It's crucial to update your systems to enhance their security!
An update that solves 10 vulnerabilities and has 10 fixes is now available

Summary

This update fixes the following issues: salt: - Only require python-certifi for CentOS7 - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Fix recursion false detection in payload (bsc#1180101) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Exclude SLE 12 from requiring python-certifi - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)

References

#1099976 #1172110 #1174855 #1179696 #1180101

#1180818 #1181290 #1181347 #1181550 #1181556

#1181557 #1181558 #1181559 #1181560 #1181561

#1181562 #1181563 #1181564 #1181565 #1182740

Cross- CVE-2020-28243 CVE-2020-28972 CVE-2020-35662

CVE-2021-25281 CVE-2021-25282 CVE-2021-25283

CVE-2021-25284 CVE-2021-3144 CVE-2021-3148

CVE-2021-3197

CVSS scores:

CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Announcement ID: SUSE-SU-2021:0915-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.