Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2021:2105-1 Critical: Salt Update Fixes Major Security Issues

suse
Calendar Grey June 21, 2021
Dist Suse Esm H88
SUSE's recent patch for salt addresses vital vulnerabilities across eight concerns and introduces enhancements aimed at elevating efficiency.
An update that solves 7 vulnerabilities, contains three features and has three fixes is now available

Summary

This update for salt fixes the following issues: Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028) - Check if dpkgnotify is executable (bsc#1186674) - Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028) - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devices passthrough support - Set distro requirement to oldest supported version in requirements/base.txt - Bring missing part of async batch implementation back (bsc#1182382, CVE-2021-25315) - Always require python3-distro (bsc#1182293) - Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Fix pkg states when DEB package has "all" arch - Do not force beacons configuration to be a list.

Topics%20covered

Topics Covered

security advisory package update software enhancement critical severity SUSE Linux salt security

References

#1171257 #1176293 #1179831 #1181368 #1182281

#1182293 #1182382 #1185092 #1185281 #1186674

ECO-3212 SLE-18028 SLE-18033

Cross- CVE-2018-15750 CVE-2018-15751 CVE-2020-11651

CVE-2020-11652 CVE-2020-25592 CVE-2021-25315

CVE-2021-31607

CVSS scores:

CVE-2018-15750 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVE-2018-15750 (SUSE): 8.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

CVE-2018-15751 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-15751 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-11651 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-11651 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-11652 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:2105-1
Rating: critical

Topics%20covered

Topics Covered

security advisory package update software enhancement critical severity SUSE Linux salt security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here