SUSE-SU-2017:3380-1: moderate: Security update for Salt
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Dec 20 10:25:26 MST 2017
SUSE Security Update: Security update for Salt
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:3380-1
Rating: moderate
References: #1041993 #1042749 #1050003 #1059291 #1059758
#1060230 #1062462 #1062464 #985112
Cross-References: CVE-2017-14695 CVE-2017-14696
Affected Products:
SUSE Manager Tools 12
SUSE Manager Server 3.1
SUSE Manager Server 3.0
SUSE Manager Proxy 3.1
SUSE Manager Proxy 3.0
SUSE Linux Enterprise Point of Sale 12-SP2
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Enterprise Storage 5
SUSE Enterprise Storage 4
SUSE Enterprise Storage 3
SUSE Container as a Service Platform ALL
OpenStack Cloud Magnum Orchestration 7
______________________________________________________________________________
An update that solves two vulnerabilities and has 7 fixes
is now available.
Description:
This update for salt fixes one security issue and bugs.
The following security issues have been fixed:
- CVE-2017-14695: A directory traversal vulnerability in minion id
validation allowed remote minions with incorrect credentials to
authenticate to a master via a crafted minion ID. (bsc#1062462)
- CVE-2017-14696: It was possible to force a remote Denial of Service with
a specially crafted authentication request. (bsc#1062464)
Additionally, the following non-security issues have been fixed:
- Removed deprecation warning for beacon configuration using dictionaries.
(bsc#1041993)
- Fixed beacons failure when pillar-based suppressing config-based.
(bsc#1060230)
- Fixed minion resource exhaustion when many functions are being executed
in parallel. (bsc#1059758)
- Remove 'TasksTask' attribute from salt-master.service in older versions
of systemd. (bsc#985112)
- Fix for delete_deployment in Kubernetes module. (bsc#1059291)
- Catching error when PIDfile cannot be deleted. (bsc#1050003)
- Use $HOME to get the user home directory instead using '~' char.
(bsc#1042749)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12:
zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-2111=1
- SUSE Manager Server 3.1:
zypper in -t patch SUSE-SUSE-Manager-Server-3.1-2017-2111=1
- SUSE Manager Server 3.0:
zypper in -t patch SUSE-SUSE-Manager-Server-3.0-2017-2111=1
- SUSE Manager Proxy 3.1:
zypper in -t patch SUSE-SUSE-Manager-Proxy-3.1-2017-2111=1
- SUSE Manager Proxy 3.0:
zypper in -t patch SUSE-SUSE-Manager-Proxy-3.0-2017-2111=1
- SUSE Linux Enterprise Point of Sale 12-SP2:
zypper in -t patch SUSE-SLE-POS-12-SP2-2017-2111=1
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-2111=1
- SUSE Enterprise Storage 5:
zypper in -t patch SUSE-Storage-5-2017-2111=1
- SUSE Enterprise Storage 4:
zypper in -t patch SUSE-Storage-4-2017-2111=1
- SUSE Enterprise Storage 3:
zypper in -t patch SUSE-Storage-3-2017-2111=1
- SUSE Container as a Service Platform ALL:
zypper in -t patch SUSE-CAASP-ALL-2017-2111=1
- OpenStack Cloud Magnum Orchestration 7:
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-2111=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
salt-2016.11.4-46.10.1
salt-doc-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Manager Server 3.1 (ppc64le s390x x86_64):
salt-2016.11.4-46.10.1
salt-api-2016.11.4-46.10.1
salt-cloud-2016.11.4-46.10.1
salt-doc-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
salt-proxy-2016.11.4-46.10.1
salt-ssh-2016.11.4-46.10.1
salt-syndic-2016.11.4-46.10.1
- SUSE Manager Server 3.1 (noarch):
salt-bash-completion-2016.11.4-46.10.1
salt-zsh-completion-2016.11.4-46.10.1
- SUSE Manager Server 3.0 (s390x x86_64):
salt-2016.11.4-46.10.1
salt-api-2016.11.4-46.10.1
salt-doc-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
salt-proxy-2016.11.4-46.10.1
salt-ssh-2016.11.4-46.10.1
salt-syndic-2016.11.4-46.10.1
- SUSE Manager Server 3.0 (noarch):
salt-bash-completion-2016.11.4-46.10.1
salt-zsh-completion-2016.11.4-46.10.1
- SUSE Manager Proxy 3.1 (ppc64le x86_64):
salt-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Manager Proxy 3.0 (noarch):
salt-bash-completion-2016.11.4-46.10.1
salt-zsh-completion-2016.11.4-46.10.1
- SUSE Manager Proxy 3.0 (x86_64):
salt-2016.11.4-46.10.1
salt-api-2016.11.4-46.10.1
salt-doc-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
salt-proxy-2016.11.4-46.10.1
salt-ssh-2016.11.4-46.10.1
salt-syndic-2016.11.4-46.10.1
- SUSE Linux Enterprise Point of Sale 12-SP2 (x86_64):
salt-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
salt-2016.11.4-46.10.1
salt-api-2016.11.4-46.10.1
salt-cloud-2016.11.4-46.10.1
salt-doc-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
salt-proxy-2016.11.4-46.10.1
salt-ssh-2016.11.4-46.10.1
salt-syndic-2016.11.4-46.10.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):
salt-bash-completion-2016.11.4-46.10.1
salt-zsh-completion-2016.11.4-46.10.1
- SUSE Enterprise Storage 5 (aarch64 x86_64):
salt-2016.11.4-46.10.1
salt-api-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Enterprise Storage 4 (aarch64 x86_64):
salt-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Enterprise Storage 3 (aarch64 x86_64):
salt-2016.11.4-46.10.1
salt-master-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- SUSE Container as a Service Platform ALL (x86_64):
salt-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
- OpenStack Cloud Magnum Orchestration 7 (x86_64):
salt-2016.11.4-46.10.1
salt-minion-2016.11.4-46.10.1
References:
https://www.suse.com/security/cve/CVE-2017-14695.html
https://www.suse.com/security/cve/CVE-2017-14696.html
https://bugzilla.suse.com/1041993
https://bugzilla.suse.com/1042749
https://bugzilla.suse.com/1050003
https://bugzilla.suse.com/1059291
https://bugzilla.suse.com/1059758
https://bugzilla.suse.com/1060230
https://bugzilla.suse.com/1062462
https://bugzilla.suse.com/1062464
https://bugzilla.suse.com/985112
More information about the sle-security-updates
mailing list