SUSE-SU-2020:0762-1: important: Security Beta update for Salt
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Mar 24 14:22:39 MDT 2020
SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0762-1
Rating: important
References: #1157465 #1162327 #1162504 #1163981 #1165425
Cross-References: CVE-2019-18897
Affected Products:
SUSE Manager Tools 12-BETA
______________________________________________________________________________
An update that solves one vulnerability and has four fixes
is now available.
Description:
This update fixes the following issues:
salt:
- Requiring python3-distro only for openSUSE/SLE >= 15
- Use full option name instead of undocumented abbreviation for zypper
- Python-distro is only needed for > Python 3.7. Removing it for Python 2
- Fixed a local privilege escalation to root (bsc#1157465) (CVE-2019-18897)
- Fix unit tests failures in test_batch_async tests
- Batch Async: Handle exceptions, properly unregister and close instances
after running async batching to avoid CPU starvation of the MWorkers
(bsc#1162327)
- RHEL/CentOS 8 uses platform-python instead of python3
- Enable build for Python 3.8
- Update to Salt version 2019.2.3 (bsc#1163981) (bsc#1162504)
- Replacing pycrypto with M2Crypto (bsc#1165425)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12-BETA:
zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-762=1
Package List:
- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
python2-salt-2019.2.3-49.12.1
python3-salt-2019.2.3-49.12.1
salt-2019.2.3-49.12.1
salt-doc-2019.2.3-49.12.1
salt-minion-2019.2.3-49.12.1
References:
https://www.suse.com/security/cve/CVE-2019-18897.html
https://bugzilla.suse.com/1157465
https://bugzilla.suse.com/1162327
https://bugzilla.suse.com/1162504
https://bugzilla.suse.com/1163981
https://bugzilla.suse.com/1165425
More information about the sle-security-updates
mailing list