python3-salt-3006.0-7.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13650-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python3-salt-3006.0-7.1 on GA media These are all security issues fixed in the python3-salt-3006.0-7.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13650 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-22231/ SUSE CVE CVE-2024-22231 page https://www.suse.com/security/cve/CVE-2024-22232/ SUSE CVE CVE-2024-22232 page openSUSE Tumbleweed python3-salt-3006.0-7.1 salt-3006.0-7.1 salt-api-3006.0-7.1 salt-bash-completion-3006.0-7.1 salt-cloud-3006.0-7.1 salt-doc-3006.0-7.1 salt-fish-completion-3006.0-7.1 salt-master-3006.0-7.1 salt-minion-3006.0-7.1 salt-proxy-3006.0-7.1 salt-ssh-3006.0-7.1 salt-standalone-formulas-configuration-3006.0-7.1 salt-syndic-3006.0-7.1 salt-tests-3006.0-7.1 salt-transactional-update-3006.0-7.1 salt-zsh-completion-3006.0-7.1 python3-salt-3006.0-7.1 as a component of openSUSE Tumbleweed salt-3006.0-7.1 as a component of openSUSE Tumbleweed salt-api-3006.0-7.1 as a component of openSUSE Tumbleweed salt-bash-completion-3006.0-7.1 as a component of openSUSE Tumbleweed salt-cloud-3006.0-7.1 as a component of openSUSE Tumbleweed salt-doc-3006.0-7.1 as a component of openSUSE Tumbleweed salt-fish-completion-3006.0-7.1 as a component of openSUSE Tumbleweed salt-master-3006.0-7.1 as a component of openSUSE Tumbleweed salt-minion-3006.0-7.1 as a component of openSUSE Tumbleweed salt-proxy-3006.0-7.1 as a component of openSUSE Tumbleweed salt-ssh-3006.0-7.1 as a component of openSUSE Tumbleweed salt-standalone-formulas-configuration-3006.0-7.1 as a component of openSUSE Tumbleweed salt-syndic-3006.0-7.1 as a component of openSUSE Tumbleweed salt-tests-3006.0-7.1 as a component of openSUSE Tumbleweed salt-transactional-update-3006.0-7.1 as a component of openSUSE Tumbleweed salt-zsh-completion-3006.0-7.1 as a component of openSUSE Tumbleweed Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt master. CVE-2024-22231 openSUSE Tumbleweed:python3-salt-3006.0-7.1 openSUSE Tumbleweed:salt-3006.0-7.1 openSUSE Tumbleweed:salt-api-3006.0-7.1 openSUSE Tumbleweed:salt-bash-completion-3006.0-7.1 openSUSE Tumbleweed:salt-cloud-3006.0-7.1 openSUSE Tumbleweed:salt-doc-3006.0-7.1 openSUSE Tumbleweed:salt-fish-completion-3006.0-7.1 openSUSE Tumbleweed:salt-master-3006.0-7.1 openSUSE Tumbleweed:salt-minion-3006.0-7.1 openSUSE Tumbleweed:salt-proxy-3006.0-7.1 openSUSE Tumbleweed:salt-ssh-3006.0-7.1 openSUSE Tumbleweed:salt-standalone-formulas-configuration-3006.0-7.1 openSUSE Tumbleweed:salt-syndic-3006.0-7.1 openSUSE Tumbleweed:salt-tests-3006.0-7.1 openSUSE Tumbleweed:salt-transactional-update-3006.0-7.1 openSUSE Tumbleweed:salt-zsh-completion-3006.0-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-22231.html CVE-2024-22231 https://bugzilla.suse.com/1219430 SUSE Bug 1219430 A specially crafted url can be created which leads to a directory traversal in the salt file server. A malicious user can read an arbitrary file from a Salt master's filesystem. CVE-2024-22232 openSUSE Tumbleweed:python3-salt-3006.0-7.1 openSUSE Tumbleweed:salt-3006.0-7.1 openSUSE Tumbleweed:salt-api-3006.0-7.1 openSUSE Tumbleweed:salt-bash-completion-3006.0-7.1 openSUSE Tumbleweed:salt-cloud-3006.0-7.1 openSUSE Tumbleweed:salt-doc-3006.0-7.1 openSUSE Tumbleweed:salt-fish-completion-3006.0-7.1 openSUSE Tumbleweed:salt-master-3006.0-7.1 openSUSE Tumbleweed:salt-minion-3006.0-7.1 openSUSE Tumbleweed:salt-proxy-3006.0-7.1 openSUSE Tumbleweed:salt-ssh-3006.0-7.1 openSUSE Tumbleweed:salt-standalone-formulas-configuration-3006.0-7.1 openSUSE Tumbleweed:salt-syndic-3006.0-7.1 openSUSE Tumbleweed:salt-tests-3006.0-7.1 openSUSE Tumbleweed:salt-transactional-update-3006.0-7.1 openSUSE Tumbleweed:salt-zsh-completion-3006.0-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-22232.html CVE-2024-22232 https://bugzilla.suse.com/1219431 SUSE Bug 1219431