SUSE-SU-2020:14332-1: important: Security Beta update for Salt

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Mar 24 14:17:46 MDT 2020


   SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:14332-1
Rating:             important
References:         #1157465 #1162327 #1162504 #1163981 #1165425 
                    
Cross-References:   CVE-2019-18897
Affected Products:
                    SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:


   This update fixes the following issues:

   salt:
   - Requiring python3-distro only for openSUSE/SLE >= 15
   - Use full option name instead of undocumented abbreviation for zypper
   - Python-distro is only needed for > Python 3.7. Removing it for Python 2
   - Fixed a local privilege escalation to root (bsc#1157465) (CVE-2019-18897)
   - Fix unit tests failures in test_batch_async tests
   - Batch Async: Handle exceptions, properly unregister and close instances
     after running async batching to avoid CPU starvation of the MWorkers
     (bsc#1162327)
   - RHEL/CentOS 8 uses platform-python instead of python3
   - Enable build for Python 3.8
   - Update to Salt version 2019.2.3 (bsc#1163981) (bsc#1162504)
   - Replacing pycrypto with M2Crypto (bsc#1165425)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA:

      zypper in -t patch suse-ubu164ct-salt-beta-202003-14332=1



Package List:

   - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all):

      salt-common-2019.2.2+ds-1.1+9.9.2
      salt-minion-2019.2.2+ds-1.1+9.9.2


References:

   https://www.suse.com/security/cve/CVE-2019-18897.html
   https://bugzilla.suse.com/1157465
   https://bugzilla.suse.com/1162327
   https://bugzilla.suse.com/1162504
   https://bugzilla.suse.com/1163981
   https://bugzilla.suse.com/1165425



More information about the sle-security-updates mailing list