SUSE: 2021:3906-1 Moderate Salt Security Update Improvements Released

December 3, 2021
SUSE releases a preliminary Security Patch for Salt, targeting one specific vulnerability while also delivering 19 crucial enhancements.
An update that solves one vulnerability and has 19 fixes is now available

Summary

This update fixes the following issues:

salt:

- Remove wrong _parse_cpe_name from grains.core
- Prevent tracebacks if directory for cookie is missing
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Fix the regression of docker_container state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Fix python-MarkupSafe dependency (bsc#1189043)
- Add missing aarch64 to rpm package architectures

References

#1164192 #1167586 #1168327 #1180650 #1184659

#1185131 #1186287 #1186310 #1186674 #1187787

#1187813 #1188170 #1188641 #1188647 #1189040

#1189043 #1190114 #1190265 #1190446 #1191412

Cross-References: CVE-2021-21996

CVSS scores:

CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Products:

SUSE Manager Tools 12-BETA

https://www.suse.com/security/cve/CVE-2021-21996.html

https://bugzilla.suse.com/1164192

https://bugzilla.suse.com/1167586

https://bugzilla.suse.com/1168327

https://bugzilla.suse.com/1180650

https://bugzilla.suse.com/1184659

https://bugzilla.suse.com/1185131

https://bugzilla.suse.com/1186287

https://bugzilla.suse.com/1186310

https://bugzilla.suse.com/1186674

https://bugzilla.suse.com/1187787

Announcement ID: SUSE-SU-2021:3906-1
Rating: moderate
