SUSE-SU-2018:1757-1: moderate: Security update for salt

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jun 19 13:41:02 MDT 2018


   SUSE Security Update: Security update for salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1757-1
Rating:             moderate
References:         #1059291 #1061407 #1062464 #1064520 #1075950 
                    #1079048 #1081592 #1087055 #1087278 #1087581 
                    #1087891 #1088888 #1089112 #1089362 #1089526 
                    #1090242 #1091371 #1092161 #1092373 #1094055 
                    #1097174 #1097413 
Cross-References:   CVE-2017-14695 CVE-2017-14696
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Manager Server 3.1
                    SUSE Manager Server 3.0
                    SUSE Manager Proxy 3.1
                    SUSE Manager Proxy 3.0
                    SUSE Linux Enterprise Point of Sale 12-SP2
                    SUSE Linux Enterprise Module for Advanced Systems Management 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has 20 fixes
   is now available.

Description:

   This update for salt provides version 2018.3 and brings many fixes and
   improvements:

   - Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413)
   - Align SUSE salt-master.service 'LimitNOFILES' limit with upstream Salt
   - Add 'other' attribute to GECOS fields to avoid inconsistencies with chfn
   - Prevent zypper from parsing repo configuration from  not .repo files
     (bsc#1094055)
   - Collect all versions of installed packages on SUSE and RHEL  systems
     (bsc#1089526)
   - No more AWS EC2 rate limitations in salt-cloud. (bsc#1088888)
   - MySQL returner now also allows to use Unix sockets. (bsc#1091371)
   - Do not override jid on returners, only sending back to master.
     (bsc#1092373)
   - Remove minion/thin/version if exists to force thin regeneration.
     (bsc#1092161)
   - Fix minion scheduler to return a 'retcode' attribute. (bsc#1089112)
   - Fix for logging during network interface querying. (bsc#1087581)
   - Fix rhel packages requires both net-tools and iproute. (bsc#1087055)
   - Fix patchinstall on yum module. Bad comparison. (bsc#1087278)
   - Strip trailing commas on Linux user's GECOS fields. (bsc#1089362)
   - Fallback to PyMySQL. (bsc#1087891)
   - Fix for [Errno 0] Resolver Error 0 (no error). (bsc#1087581)
   - Add python-2.6 support to salt-ssh.
   - Make it possible to use docker login, pull and push from module.run and
     detect errors.
   - Fix unicode decode error with salt-ssh.
   - Fix cp.push empty file. (bsc#1075950)
   - Fix grains containing trailing "\n".
   - Remove salt-minion python2 requirement when python3 is default.
     (bsc#1081592)
   - Restoring installation of packages for Rhel 6 and 7.
   - Prevent queryformat pattern from expanding. (bsc#1079048)
   - Fix for delete_deployment in Kubernetes module. (bsc#1059291)
   - Fix bsc#1062464 and CVE-2017-14696 already included in 2017.7.2.
   - Fix wrong version reported by Salt. (bsc#1061407)
   - Run salt-api as user salt. (bsc#1064520)

   For a detailed description, please refer to the upstream-changelog at
   https://docs.saltstack.com/en/latest/topics/releases/index.html or to the
   rpm-changelog.

   supportutils-plugin-salt:

   - Collect salt-api, salt-broker and salt-ssh log files (bsc#1090242)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-1157=1

   - SUSE Manager Server 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2018-1157=1

   - SUSE Manager Server 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2018-1157=1

   - SUSE Manager Proxy 3.1:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2018-1157=1

   - SUSE Manager Proxy 3.0:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2018-1157=1

   - SUSE Linux Enterprise Point of Sale 12-SP2:

      zypper in -t patch SUSE-SLE-POS-12-SP2-2018-1157=1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12:

      zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2018-1157=1



Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

      python2-salt-2018.3.0-46.28.1
      python3-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-doc-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1

   - SUSE Manager Tools 12 (noarch):

      supportutils-plugin-salt-1.1.4-6.9.1

   - SUSE Manager Server 3.1 (ppc64le s390x x86_64):

      python2-salt-2018.3.0-46.28.1
      python3-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-api-2018.3.0-46.28.1
      salt-cloud-2018.3.0-46.28.1
      salt-doc-2018.3.0-46.28.1
      salt-master-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1
      salt-proxy-2018.3.0-46.28.1
      salt-ssh-2018.3.0-46.28.1
      salt-syndic-2018.3.0-46.28.1

   - SUSE Manager Server 3.1 (noarch):

      salt-bash-completion-2018.3.0-46.28.1
      salt-zsh-completion-2018.3.0-46.28.1
      supportutils-plugin-salt-1.1.4-6.9.1

   - SUSE Manager Server 3.0 (s390x x86_64):

      python2-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-api-2018.3.0-46.28.1
      salt-doc-2018.3.0-46.28.1
      salt-master-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1
      salt-proxy-2018.3.0-46.28.1
      salt-ssh-2018.3.0-46.28.1
      salt-syndic-2018.3.0-46.28.1

   - SUSE Manager Server 3.0 (noarch):

      salt-bash-completion-2018.3.0-46.28.1
      salt-zsh-completion-2018.3.0-46.28.1
      supportutils-plugin-salt-1.1.4-6.9.1

   - SUSE Manager Proxy 3.1 (ppc64le x86_64):

      python2-salt-2018.3.0-46.28.1
      python3-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1

   - SUSE Manager Proxy 3.1 (noarch):

      supportutils-plugin-salt-1.1.4-6.9.1

   - SUSE Manager Proxy 3.0 (noarch):

      salt-bash-completion-2018.3.0-46.28.1
      salt-zsh-completion-2018.3.0-46.28.1
      supportutils-plugin-salt-1.1.4-6.9.1

   - SUSE Manager Proxy 3.0 (x86_64):

      python2-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-api-2018.3.0-46.28.1
      salt-doc-2018.3.0-46.28.1
      salt-master-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1
      salt-proxy-2018.3.0-46.28.1
      salt-ssh-2018.3.0-46.28.1
      salt-syndic-2018.3.0-46.28.1

   - SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):

      python2-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):

      python2-salt-2018.3.0-46.28.1
      salt-2018.3.0-46.28.1
      salt-api-2018.3.0-46.28.1
      salt-cloud-2018.3.0-46.28.1
      salt-doc-2018.3.0-46.28.1
      salt-master-2018.3.0-46.28.1
      salt-minion-2018.3.0-46.28.1
      salt-proxy-2018.3.0-46.28.1
      salt-ssh-2018.3.0-46.28.1
      salt-syndic-2018.3.0-46.28.1

   - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

      salt-bash-completion-2018.3.0-46.28.1
      salt-zsh-completion-2018.3.0-46.28.1


References:

   https://www.suse.com/security/cve/CVE-2017-14695.html
   https://www.suse.com/security/cve/CVE-2017-14696.html
   https://bugzilla.suse.com/1059291
   https://bugzilla.suse.com/1061407
   https://bugzilla.suse.com/1062464
   https://bugzilla.suse.com/1064520
   https://bugzilla.suse.com/1075950
   https://bugzilla.suse.com/1079048
   https://bugzilla.suse.com/1081592
   https://bugzilla.suse.com/1087055
   https://bugzilla.suse.com/1087278
   https://bugzilla.suse.com/1087581
   https://bugzilla.suse.com/1087891
   https://bugzilla.suse.com/1088888
   https://bugzilla.suse.com/1089112
   https://bugzilla.suse.com/1089362
   https://bugzilla.suse.com/1089526
   https://bugzilla.suse.com/1090242
   https://bugzilla.suse.com/1091371
   https://bugzilla.suse.com/1092161
   https://bugzilla.suse.com/1092373
   https://bugzilla.suse.com/1094055
   https://bugzilla.suse.com/1097174
   https://bugzilla.suse.com/1097413



More information about the sle-security-updates mailing list