# Security update for SUSE Manager Salt Bundle

Announcement ID: SUSE-SU-2024:4020-1
Release Date: 2024-11-18T13:25:06Z
Rating: important

References:

* bsc#1219041
* bsc#1220357
* bsc#1222842
* bsc#1226141
* bsc#1226447
* bsc#1226448
* bsc#1226469
* bsc#1227547
* bsc#1228105
* bsc#1228780
* bsc#1229109
* bsc#1229539
* bsc#1229654
* bsc#1229704
* bsc#1229873
* bsc#1229994
* bsc#1229995
* bsc#1229996
* bsc#1230058
* bsc#1230059
* bsc#1230322
* bsc#1231045
* bsc#1231697
* jsc#MSQA-863

Cross-References:

* CVE-2024-0397
* CVE-2024-3651
* CVE-2024-37891
* CVE-2024-4032
* CVE-2024-5569
* CVE-2024-6345
* CVE-2024-6923
* CVE-2024-7592
* CVE-2024-8088

CVSS scores:

* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-3651 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3651 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-37891 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-5569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8088 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-8088 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 12
* SUSE Linux Enterprise Desktop 12 SP1
* SUSE Linux Enterprise Desktop 12 SP2
* SUSE Linux Enterprise Desktop 12 SP3
* SUSE Linux Enterprise Desktop 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
* SUSE Manager Client Tools for SLE 12

An update that solves nine vulnerabilities, contains one feature and has 14 security fixes can now be installed.

## Description:

This update fixes the following issues:

venv-salt-minion:

* Security fixes on Python 3.11 interpreter:
  * CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059)
  * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
  * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
  * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
  * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
* Security fixes on Python dependencies:
  * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
  * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
  * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
  * CVE-2024-37891: urllib3: Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
* Other bugs fixed:
  * Added passlib Python module to the bundle
  * Allow NamedLoaderContexts to be returned from loader
  * Avoid crash on wrong output of systemctl version (bsc#1229539)
  * Avoid explicit reading of /etc/salt/minion (bsc#1220357)
  * Enable post_start_cleanup.sh to work in a transaction
  * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
  * Fixed failing x509 tests with OpenSSL < 1.1
  * Fixed the SELinux context for Salt Minion service (bsc#1219041)
  * Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)
  * Improved error handling with different OpenSSL versions
  * Increase warn_until_date date for code we still support
  * Prevent using SyncWrapper with no reason
  * Reverted the change making reactor less blocking (bsc#1230322)
  * Use --cachedir for extension_modules in salt-call (bsc#1226141)
  * Use Pygit2 id instead of deprecated oid in gitfs

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 12
  `zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-4020=1`

## Package List:

* SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-3.65.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-3651.html
* https://www.suse.com/security/cve/CVE-2024-37891.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://www.suse.com/security/cve/CVE-2024-5569.html
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://www.suse.com/security/cve/CVE-2024-7592.html
* https://www.suse.com/security/cve/CVE-2024-8088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219041
* https://bugzilla.suse.com/show_bug.cgi?id=1220357
* https://bugzilla.suse.com/show_bug.cgi?id=1222842
* https://bugzilla.suse.com/show_bug.cgi?id=1226141
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448
* https://bugzilla.suse.com/show_bug.cgi?id=1226469
* https://bugzilla.suse.com/show_bug.cgi?id=1227547
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
* https://bugzilla.suse.com/show_bug.cgi?id=1229109
* https://bugzilla.suse.com/show_bug.cgi?id=1229539
* https://bugzilla.suse.com/show_bug.cgi?id=1229654
* https://bugzilla.suse.com/show_bug.cgi?id=1229704
* https://bugzilla.suse.com/show_bug.cgi?id=1229873
* https://bugzilla.suse.com/show_bug.cgi?id=1229994
* https://bugzilla.suse.com/show_bug.cgi?id=1229995
* https://bugzilla.suse.com/show_bug.cgi?id=1229996
* https://bugzilla.suse.com/show_bug.cgi?id=1230058
* https://bugzilla.suse.com/show_bug.cgi?id=1230059
* https://bugzilla.suse.com/show_bug.cgi?id=1230322
* https://bugzilla.suse.com/show_bug.cgi?id=1231045
* https://bugzilla.suse.com/show_bug.cgi?id=1231697

SUSE Manager Salt Package security enhancements revealed for critical flaws, strengthening overall system defense. SUSE Manager, Salt Bundle, security advisory, DoS, buffer overflow. Severity: Important. LinuxSecurity.com Team

# Security update for SUSE Manager Salt Bundle

Announcement ID: SUSE-SU-2024:4026-1
Release Date: 2024-11-18T13:29:06Z
Rating: important

References:

* bsc#1219041
* bsc#1220357
* bsc#1222842
* bsc#1226141
* bsc#1226447
* bsc#1226448
* bsc#1226469
* bsc#1227547
* bsc#1228105
* bsc#1228780
* bsc#1229109
* bsc#1229539
* bsc#1229654
* bsc#1229704
* bsc#1229873
* bsc#1229994
* bsc#1229995
* bsc#1229996
* bsc#1230058
* bsc#1230059
* bsc#1230322
* jsc#MSQA-863

Cross-References:

* CVE-2024-0397
* CVE-2024-3651
* CVE-2024-37891
* CVE-2024-4032
* CVE-2024-5569
* CVE-2024-6345
* CVE-2024-6923
* CVE-2024-7592
* CVE-2024-8088

CVSS scores:

* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-3651 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-3651 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-37891 ( SUSE ): 4.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-5569 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-8088 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-8088 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Manager Client Tools for Debian 12

An update that solves nine vulnerabilities, contains one feature and has 12 security fixes can now be installed.

## Description:

This update fixes the following issues:

venv-salt-minion:

* Security fixes on Python 3.11 interpreter:
  * CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059)
  * CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)
  * CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)
  * CVE-2024-4032: Rearranging definition of private global IP addresses (bsc#1226448)
  * CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)
* Security fixes on Python dependencies:
  * CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library (bsc#1227547, bsc#1229996)
  * CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)
  * CVE-2024-3651: idna: Fix a potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842, bsc#1229994)
  * CVE-2024-37891: urllib3: Added the `Proxy-Authorization` header to the list of headers to strip from requests when redirecting to a different host (bsc#1226469, bsc#1229654)
* Other bugs fixed:
  * Fixed failing x509 tests with OpenSSL < 1.1
  * Avoid explicit reading of /etc/salt/minion (bsc#1220357)
  * Allow NamedLoaderContexts to be returned from loader
  * Reverted the change making reactor less blocking (bsc#1230322)
  * Use --cachedir for extension_modules in salt-call (bsc#1226141)
  * Prevent using SyncWrapper with no reason
  * Enable post_start_cleanup.sh to work in a transaction
  * Fixed the SELinux context for Salt Minion service (bsc#1219041)
  * Increase warn_until_date date for code we still support
  * Avoid crash on wrong output of systemctl version (bsc#1229539)
  * Improved error handling with different OpenSSL versions
  * Fixed cloud Minion configuration for multiple Masters (bsc#1229109)
  * Use Pygit2 id instead of deprecated oid in gitfs
  * Added passlib Python module to the bundle

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for Debian 12
  `zypper in -t patch SUSE-Debian-12-CLIENT-TOOLS-x86_64-2024-4026=1`

## Package List:

* SUSE Manager Client Tools for Debian 12 (amd64)
  * venv-salt-minion-3006.0-2.23.1

## References:

* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-3651.html
* https://www.suse.com/security/cve/CVE-2024-37891.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://www.suse.com/security/cve/CVE-2024-5569.html
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://www.suse.com/security/cve/CVE-2024-7592.html
* https://www.suse.com/security/cve/CVE-2024-8088.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219041
* https://bugzilla.suse.com/show_bug.cgi?id=1220357
* https://bugzilla.suse.com/show_bug.cgi?id=1222842
* https://bugzilla.suse.com/show_bug.cgi?id=1226141
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448
* https://bugzilla.suse.com/show_bug.cgi?id=1226469
* https://bugzilla.suse.com/show_bug.cgi?id=1227547
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
* https://bugzilla.suse.com/show_bug.cgi?id=1229109
* https://bugzilla.suse.com/show_bug.cgi?id=1229539
* https://bugzilla.suse.com/show_bug.cgi?id=1229654
* https://bugzilla.suse.com/show_bug.cgi?id=1229704
* https://bugzilla.suse.com/show_bug.cgi?id=1229873
* https://bugzilla.suse.com/show_bug.cgi?id=1229994
* https://bugzilla.suse.com/show_bug.cgi?id=1229995
* https://bugzilla.suse.com/show_bug.cgi?id=1229996
* https://bugzilla.suse.com/show_bug.cgi?id=1230058
* https://bugzilla.suse.com/show_bug.cgi?id=1230059
* https://bugzilla.suse.com/show_bug.cgi?id=1230322

Recent patch for SUSE Manager Salt Bundle addresses various vulnerabilities. Ensure systems remain secure and current. SUSE Manager, Salt Bundle, important security update, DoS vulnerabilities, system security. Severity: Important. LinuxSecurity.com Team

# Security update for SUSE Manager Salt Bundle

Announcement ID: SUSE-SU-2023:4749-1
Rating: important

References:

* bsc#1213351
* bsc#1214477
* bsc#1215157
* jsc#MSQA-708

Cross-References:

* CVE-2023-34049

CVSS scores:

* CVE-2023-34049 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

## Description:

This update fixes the following issues:

venv-salt-minion:

* Security fixes:
  * CVE-2023-34049: Arbitrary code execution via symlink attack (bsc#1215157)
* Non security fixes:
  * Add python dateutil module to the bundle
  * Allow all primitive grain types for autosign_grains (bsc#1214477)
  * Remove non-free RNG schema file (bsc#1213351)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 15
  `zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4749=1`
* SUSE Manager Client Tools for SLE Micro 5
  `zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-4749=1`
* SUSE Manager Proxy 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4749=1`
* SUSE Manager Server 4.3 Module 4.3
  `zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4749=1`

## Package List:

* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-150000.3.48.2
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
  * venv-salt-minion-3006.0-150000.3.48.2
* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-150000.3.48.2
* SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-150000.3.48.2

## References:

* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213351
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157

An updated release for the SUSE Manager Salt Package addresses security loopholes related to code execution, boosting both system stability and protection. SUSE Manager, Salt Bundle, System Integrity, Security Update. Severity: Critical. LinuxSecurity.com Team

SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3184-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372 #1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
  CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________

An update that solves one vulnerability and has 6 fixes is now available.

Description:

This update fixes the following issues:

venv-salt-minion:

- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja > = and = 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP use it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS:
  zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-3184=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS (amd64):
  venv-salt-minion-3004-2.11.2

References:

https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082

SUSE Security Announcement: Addresses a single flaw and introduces 6 enhancements for the SUSE Manager Salt Collection. Now accessible. SUSE Manager, Salt Bundle, Abusive Access, Software Patch, CVE Update. LinuxSecurity.com Team

SUSE Security Update: Security Beta update for SUSE Manager Salt Bundle
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1534-1
Rating: moderate
References: #1197417 #1197637 #1198556
Cross-References: CVE-2022-22934 CVE-2022-22935 CVE-2022-22936 CVE-2022-22941
CVSS scores:
  CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22935 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-22935 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update fixes the following issues:

venv-salt-minion:

- Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556)
- Fixes for Python 3.10
- Fix salt-ssh opts poisoning (bsc#1197637)
- Fix multiple security issues (bsc#1197417)
  * CVE-2022-22935: Sign authentication replies to prevent MiTM.
  * CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
  * CVE-2022-22936: Prevent job and fileserver replays.
  * CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
- Salt version bump to 3004
- Python version bump to 3.10.2

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA:
  zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-1534=1

Package List:

- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (amd64):
  venv-salt-minion-3004-2.9.1

References:

https://www.suse.com/security/cve/CVE-2022-22934.html
https://www.suse.com/security/cve/CVE-2022-22935.html
https://www.suse.com/security/cve/CVE-2022-22936.html
https://www.suse.com/security/cve/CVE-2022-22941.html
https://bugzilla.suse.com/1197417
https://bugzilla.suse.com/1197637
https://bugzilla.suse.com/1198556

SUSE Security Patch for Salt Suite addresses various vulnerabilities affecting user verification and task re-executions. SUSE Manager Update, Salt Bundle Security Fix, Moderate Advisory, SUSE Linux Security. LinuxSecurity.com Team