Security update for salt
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2017:2666-1
Final
1
1
2017-10-09T13:38:05Z
current
2017-10-09T13:38:05Z
2017-10-09T13:38:05Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for salt
This update for salt fixes one security issue and several non-security bugs.
The following security issue has been fixed:
- CVE-2017-12791: Directory traversal vulnerability in minion id validation
allowed remote minions with incorrect credentials to authenticate to a master
via a crafted minion ID (bsc#1053955).
Additionally, the following non-security issues have been fixed:
- Added support for SUSE Manager scalability features. (bsc#1052264)
- Introduced the kubernetes module. (bsc#1051948)
- Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
slesctsp3-salt-13304,slesctsp4-salt-13304
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2017/suse-su-20172666-1/
Link for SUSE-SU-2017:2666-1
https://lists.suse.com/pipermail/sle-security-updates/2017-October/003279.html
E-Mail link for SUSE-SU-2017:2666-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1051948
SUSE Bug 1051948
https://bugzilla.suse.com/1052264
SUSE Bug 1052264
https://bugzilla.suse.com/1053376
SUSE Bug 1053376
https://bugzilla.suse.com/1053955
SUSE Bug 1053955
https://www.suse.com/security/cve/CVE-2017-12791/
SUSE CVE CVE-2017-12791 page
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
salt-2016.11.4-43.7.1
salt-doc-2016.11.4-43.7.1
salt-minion-2016.11.4-43.7.1
salt-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
salt-doc-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
salt-minion-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
salt-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
salt-doc-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
salt-minion-2016.11.4-43.7.1 as a component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2017-12791
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-doc-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:salt-minion-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-doc-2016.11.4-43.7.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:salt-minion-2016.11.4-43.7.1
moderate
4
AV:N/AC:L/Au:S/C:P/I:N/A:N
To install this SUSE Security Update, use the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2017/suse-su-20172666-1/
https://www.suse.com/security/cve/CVE-2017-12791.html
CVE-2017-12791
https://bugzilla.suse.com/1053955
SUSE Bug 1053955
https://bugzilla.suse.com/1062462
SUSE Bug 1062462