<div class="container">
<h1>Security update for SUSE Manager Salt Bundle</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2024:4020-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2024-11-18T13:25:06Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219041">bsc#1219041</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220357">bsc#1220357</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222842">bsc#1222842</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226141">bsc#1226141</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226447">bsc#1226447</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226448">bsc#1226448</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226469">bsc#1226469</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1227547">bsc#1227547</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1228105">bsc#1228105</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1228780">bsc#1228780</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229109">bsc#1229109</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229539">bsc#1229539</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229654">bsc#1229654</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229704">bsc#1229704</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229873">bsc#1229873</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229994">bsc#1229994</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229995">bsc#1229995</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229996">bsc#1229996</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230058">bsc#1230058</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230059">bsc#1230059</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230322">bsc#1230322</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231045">bsc#1231045</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231697">bsc#1231697</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/MSQA-863">jsc#MSQA-863</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-0397.html">CVE-2024-0397</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-3651.html">CVE-2024-3651</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-37891.html">CVE-2024-37891</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-4032.html">CVE-2024-4032</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-5569.html">CVE-2024-5569</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-6345.html">CVE-2024-6345</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-6923.html">CVE-2024-6923</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-7592.html">CVE-2024-7592</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-8088.html">CVE-2024-8088</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-0397</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3651</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-3651</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-37891</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-4032</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.7</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-5569</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.3</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-6345</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.0</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-6923</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-7592</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">2.6</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-7592</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-8088</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-8088</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise Desktop 12</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2</li>
<li class="list-group-item">SUSE Manager Client Tools for SLE 12</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves nine vulnerabilities, contains one feature and has 14 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update fixes the following issues:</p>
<p>venv-salt-minion:</p>
<ul>
<li>
<p>Security fixes on Python 3.11 interpreter:</p>
</li>
<li>
<p>CVE-2024-7592: Fixed quadratic complexity in parsing double-quoted cookie values with backslashes
(bsc#1229873, bsc#1230059)</p>
</li>
<li>CVE-2024-8088: Prevent a malformed payload from causing infinite loops in zipfile.Path (bsc#1229704, bsc#1230058)</li>
<li>CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780)</li>
<li>CVE-2024-4032: Rearranged the definitions of private and global IP addresses (bsc#1226448)</li>
<li>
<p>CVE-2024-0397: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the
certificate store, when the ssl.SSLContext is shared across multiple threads (bsc#1226447)</p>
</li>
<li>
<p>Security fixes on Python dependencies:</p>
</li>
<li>
<p>CVE-2024-5569: zipp: Fixed a Denial of Service (DoS) vulnerability in the jaraco/zipp library
(bsc#1227547, bsc#1229996)</p>
</li>
<li>CVE-2024-6345: setuptools: Sanitize any VCS URL used for download (bsc#1228105, bsc#1229995)</li>
<li>CVE-2024-3651: idna: Fixed a potential DoS through resource consumption caused by specially crafted inputs to idna.encode()
(bsc#1222842, bsc#1229994)</li>
<li>
<p>CVE-2024-37891: urllib3: Added the <code>Proxy-Authorization</code> header to the list of headers to strip from requests
when redirecting to a different host (bsc#1226469, bsc#1229654)</p>
</li>
<li>
<p>Other bugs fixed:</p>
</li>
<li>
<p>Added passlib Python module to the bundle</p>
</li>
<li>Allow NamedLoaderContexts to be returned from loader</li>
<li>Avoid crash on wrong output of systemctl version (bsc#1229539)</li>
<li>Avoid explicit reading of /etc/salt/minion (bsc#1220357)</li>
<li>Enable post_start_cleanup.sh to work in a transaction</li>
<li>Fixed cloud Minion configuration for multiple Masters (bsc#1229109)</li>
<li>Fixed failing x509 tests with OpenSSL &lt; 1.1</li>
<li>Fixed the SELinux context for Salt Minion service (bsc#1219041)</li>
<li>Fixed zyppnotify plugin after latest zypp/libzypp upgrades (bsc#1231697, bsc#1231045)</li>
<li>Improved error handling with different OpenSSL versions</li>
<li>Increase warn_until_date date for code we still support</li>
<li>Prevent using SyncWrapper with no reason</li>
<li>Reverted the change making reactor less blocking (bsc#1230322)</li>
<li>Use --cachedir for extension_modules in salt-call (bsc#1226141)</li>
<li>Use Pygit2 id instead of deprecated oid in gitfs</li>
</ul>
<h2>Special Instructions and Notes:</h2>
<ul>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update, use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product
(afterwards, the installed venv-salt-minion version should match the one in the Package List):
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Client Tools for SLE 12
<br/>
<code>zypper in -t patch SUSE-SLE-Manager-Tools-12-2024-4020=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
<ul>
<li>venv-salt-minion-3006.0-3.65.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-0397.html">https://www.suse.com/security/cve/CVE-2024-0397.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-3651.html">https://www.suse.com/security/cve/CVE-2024-3651.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-37891.html">https://www.suse.com/security/cve/CVE-2024-37891.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-4032.html">https://www.suse.com/security/cve/CVE-2024-4032.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-5569.html">https://www.suse.com/security/cve/CVE-2024-5569.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-6345.html">https://www.suse.com/security/cve/CVE-2024-6345.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-6923.html">https://www.suse.com/security/cve/CVE-2024-6923.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-7592.html">https://www.suse.com/security/cve/CVE-2024-7592.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-8088.html">https://www.suse.com/security/cve/CVE-2024-8088.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1219041">https://bugzilla.suse.com/show_bug.cgi?id=1219041</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1220357">https://bugzilla.suse.com/show_bug.cgi?id=1220357</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222842">https://bugzilla.suse.com/show_bug.cgi?id=1222842</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226141">https://bugzilla.suse.com/show_bug.cgi?id=1226141</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226447">https://bugzilla.suse.com/show_bug.cgi?id=1226447</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226448">https://bugzilla.suse.com/show_bug.cgi?id=1226448</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1226469">https://bugzilla.suse.com/show_bug.cgi?id=1226469</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1227547">https://bugzilla.suse.com/show_bug.cgi?id=1227547</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1228105">https://bugzilla.suse.com/show_bug.cgi?id=1228105</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1228780">https://bugzilla.suse.com/show_bug.cgi?id=1228780</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229109">https://bugzilla.suse.com/show_bug.cgi?id=1229109</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229539">https://bugzilla.suse.com/show_bug.cgi?id=1229539</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229654">https://bugzilla.suse.com/show_bug.cgi?id=1229654</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229704">https://bugzilla.suse.com/show_bug.cgi?id=1229704</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229873">https://bugzilla.suse.com/show_bug.cgi?id=1229873</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229994">https://bugzilla.suse.com/show_bug.cgi?id=1229994</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229995">https://bugzilla.suse.com/show_bug.cgi?id=1229995</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1229996">https://bugzilla.suse.com/show_bug.cgi?id=1229996</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230058">https://bugzilla.suse.com/show_bug.cgi?id=1230058</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230059">https://bugzilla.suse.com/show_bug.cgi?id=1230059</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230322">https://bugzilla.suse.com/show_bug.cgi?id=1230322</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231045">https://bugzilla.suse.com/show_bug.cgi?id=1231045</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1231697">https://bugzilla.suse.com/show_bug.cgi?id=1231697</a>
</li>
<li>
<a href="https://jira.suse.com/browse/MSQA-863">https://jira.suse.com/browse/MSQA-863</a>
</li>
</ul>
</div>