Security update for salt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20000-1 Final 1 1 2025-12-23T09:11:50Z current 2025-12-23T09:11:50Z 2025-12-23T09:11:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for salt This update for salt fixes the following issues: Changes in salt: - Add minimum_auth_version to enforce security (CVE-2025-62349) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Junos module yaml loader fix (CVE-2025-62348) - Require Python dependencies only for used Python version - Fix TLS and x509 modules for OSes with older cryptography module - Fix Salt for Python > 3.11 (bsc#1252285, bsc#1252244) - Fix payload signature verification on Tumbleweed (bsc#1251776) - Fix broken symlink on migration to Leap 16.0 (bsc#1250755) - Use versioned python interpreter for salt-ssh - Fix known_hosts error on gitfs (bsc#1250520, bsc#1227207) - Revert require M2Crypto >= 0.44.0 for SUSE Family distros - Improve SL Micro 6.2 detection with grains - Fix the tests failing on AlmaLinux 10 and other clones The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-118 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1227207 SUSE Bug 1227207 https://bugzilla.suse.com/1250520 SUSE Bug 1250520 https://bugzilla.suse.com/1250755 SUSE Bug 1250755 https://bugzilla.suse.com/1251776 SUSE Bug 1251776 https://bugzilla.suse.com/1252244 SUSE Bug 1252244 https://bugzilla.suse.com/1252285 SUSE Bug 1252285 https://www.suse.com/security/cve/CVE-2025-62348/ SUSE CVE CVE-2025-62348 page https://www.suse.com/security/cve/CVE-2025-62349/ SUSE CVE CVE-2025-62349 page openSUSE Leap 16.0 python313-salt-3006.0-160000.3.1 python313-salt-testsuite-3006.0-160000.3.1 salt-3006.0-160000.3.1 salt-api-3006.0-160000.3.1 salt-bash-completion-3006.0-160000.3.1 salt-cloud-3006.0-160000.3.1 salt-doc-3006.0-160000.3.1 salt-fish-completion-3006.0-160000.3.1 salt-master-3006.0-160000.3.1 salt-minion-3006.0-160000.3.1 salt-proxy-3006.0-160000.3.1 salt-ssh-3006.0-160000.3.1 salt-standalone-formulas-configuration-3006.0-160000.3.1 salt-syndic-3006.0-160000.3.1 salt-transactional-update-3006.0-160000.3.1 salt-zsh-completion-3006.0-160000.3.1 python313-salt-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 python313-salt-testsuite-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-api-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-bash-completion-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-cloud-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-doc-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-fish-completion-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-master-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-minion-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-proxy-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-ssh-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-standalone-formulas-configuration-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-syndic-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-transactional-update-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 salt-zsh-completion-3006.0-160000.3.1 as a component of openSUSE Leap 16.0 unknown CVE-2025-62348 openSUSE Leap 16.0:python313-salt-3006.0-160000.3.1 openSUSE Leap 16.0:python313-salt-testsuite-3006.0-160000.3.1 openSUSE Leap 16.0:salt-3006.0-160000.3.1 openSUSE Leap 16.0:salt-api-3006.0-160000.3.1 openSUSE Leap 16.0:salt-bash-completion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-cloud-3006.0-160000.3.1 openSUSE Leap 16.0:salt-doc-3006.0-160000.3.1 openSUSE Leap 16.0:salt-fish-completion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-master-3006.0-160000.3.1 openSUSE Leap 16.0:salt-minion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-proxy-3006.0-160000.3.1 openSUSE Leap 16.0:salt-ssh-3006.0-160000.3.1 openSUSE Leap 16.0:salt-standalone-formulas-configuration-3006.0-160000.3.1 openSUSE Leap 16.0:salt-syndic-3006.0-160000.3.1 openSUSE Leap 16.0:salt-transactional-update-3006.0-160000.3.1 openSUSE Leap 16.0:salt-zsh-completion-3006.0-160000.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62348.html CVE-2025-62348 https://bugzilla.suse.com/1254256 SUSE Bug 1254256 unknown CVE-2025-62349 openSUSE Leap 16.0:python313-salt-3006.0-160000.3.1 openSUSE Leap 16.0:python313-salt-testsuite-3006.0-160000.3.1 openSUSE Leap 16.0:salt-3006.0-160000.3.1 openSUSE Leap 16.0:salt-api-3006.0-160000.3.1 openSUSE Leap 16.0:salt-bash-completion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-cloud-3006.0-160000.3.1 openSUSE Leap 16.0:salt-doc-3006.0-160000.3.1 openSUSE Leap 16.0:salt-fish-completion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-master-3006.0-160000.3.1 openSUSE Leap 16.0:salt-minion-3006.0-160000.3.1 openSUSE Leap 16.0:salt-proxy-3006.0-160000.3.1 openSUSE Leap 16.0:salt-ssh-3006.0-160000.3.1 openSUSE Leap 16.0:salt-standalone-formulas-configuration-3006.0-160000.3.1 openSUSE Leap 16.0:salt-syndic-3006.0-160000.3.1 openSUSE Leap 16.0:salt-transactional-update-3006.0-160000.3.1 openSUSE Leap 16.0:salt-zsh-completion-3006.0-160000.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62349.html CVE-2025-62349 https://bugzilla.suse.com/1254257 SUSE Bug 1254257