SUSE-SU-2021:3906-1: moderate: Security Beta update for Salt
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Dec 3 14:31:57 UTC 2021
SUSE Security Update: Security Beta update for Salt
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:3906-1
Rating: moderate
References: #1164192 #1167586 #1168327 #1180650 #1184659
#1185131 #1186287 #1186310 #1186674 #1187787
#1187813 #1188170 #1188641 #1188647 #1189040
#1189043 #1190114 #1190265 #1190446 #1191412
Cross-References: CVE-2021-21996
CVSS scores:
CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE Manager Tools 12-BETA
______________________________________________________________________________
An update that solves one vulnerability and has 19 fixes is
now available.
Description:
This update fixes the following issues:
salt:
- Remove wrong _parse_cpe_name from grains.core
- Prevent tracebacks if directory for cookie is missing
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Do not consider skipped targets as failed for ansible.playbooks state
(bsc#1190446)
- Fix traceback.*_exc() calls
- Fix the regression of docker_container state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing
subdirectories
- Fix python-MarkupSafe dependency (bsc#1189043)
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove
salt-master requirement (bsc#1168327)
- Do noop for services states when running systemd in offline mode
(bsc#1187787)
- Transactional_updates: do not execute states in parallel but use a queue
(bsc#1188170)
- Handle "master tops" data when states are applied by
"transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Virt: pass emulator when getting domain capabilities from libvirt
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Virt: use /dev/kvm to detect KVM
- Zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in
SUSE/openSUSE distros
- Check if dpkgnotify is executable (bsc#1186674)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12-BETA:
zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2021-3906=1
Package List:
- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
python-MarkupSafe-0.23-6.5.1
python-MarkupSafe-debuginfo-0.23-6.5.1
python-MarkupSafe-debugsource-0.23-6.5.1
python-PyYAML-5.1.2-29.5.1
python-PyYAML-debuginfo-5.1.2-29.5.1
python-PyYAML-debugsource-5.1.2-29.5.1
python-msgpack-python-0.4.6-11.5.1
python-msgpack-python-debuginfo-0.4.6-11.5.1
python-msgpack-python-debugsource-0.4.6-11.5.1
python-psutil-5.2.2-18.5.1
python-psutil-debuginfo-5.2.2-18.5.1
python-psutil-debugsource-5.2.2-18.5.1
python-pycrypto-2.6.1-13.5.1
python-pyzmq-14.0.0-12.5.1
python-pyzmq-debuginfo-14.0.0-12.5.1
python-pyzmq-debugsource-14.0.0-12.5.1
python2-salt-3000-49.38.2
python3-MarkupSafe-0.23-6.5.1
python3-PyYAML-5.1.2-29.5.1
python3-msgpack-python-0.4.6-11.5.1
python3-psutil-5.2.2-18.5.1
python3-pycrypto-2.6.1-13.5.1
python3-pyzmq-14.0.0-12.5.1
python3-salt-3000-49.38.2
salt-3000-49.38.2
salt-doc-3000-49.38.2
salt-minion-3000-49.38.2
- SUSE Manager Tools 12-BETA (ppc64le s390x x86_64):
python-pycrypto-debuginfo-2.6.1-13.5.1
- SUSE Manager Tools 12-BETA (noarch):
python-Jinja2-2.8-22.5.1
python-singledispatch-3.4.0.3-4.8.1
python3-Jinja2-2.8-22.5.1
References:
https://www.suse.com/security/cve/CVE-2021-21996.html
https://bugzilla.suse.com/1164192
https://bugzilla.suse.com/1167586
https://bugzilla.suse.com/1168327
https://bugzilla.suse.com/1180650
https://bugzilla.suse.com/1184659
https://bugzilla.suse.com/1185131
https://bugzilla.suse.com/1186287
https://bugzilla.suse.com/1186310
https://bugzilla.suse.com/1186674
https://bugzilla.suse.com/1187787
https://bugzilla.suse.com/1187813
https://bugzilla.suse.com/1188170
https://bugzilla.suse.com/1188641
https://bugzilla.suse.com/1188647
https://bugzilla.suse.com/1189040
https://bugzilla.suse.com/1189043
https://bugzilla.suse.com/1190114
https://bugzilla.suse.com/1190265
https://bugzilla.suse.com/1190446
https://bugzilla.suse.com/1191412
More information about the sle-updates
mailing list