{"affected":[{"ecosystem_specific":{"binaries":[{"venv-salt-minion":"3006.0-3.52.3"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"venv-salt-minion","purl":"pkg:rpm/suse/venv-salt-minion&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3006.0-3.52.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nvenv-salt-minion:\n\n- Security issues fixed:\n\n  * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master (bsc#1219430)\n  * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method (bsc#1219431)\n    \n- Bugs fixed:\n\n  * Convert oscap output to UTF-8\n  * Make Salt compatible with Python 3.11\n  * Ignore non-ascii chars in oscap output (bsc#1219001)\n  * Fix detected issues in Salt tests when running on VMs\n  * Make importing seco.range thread safe (bsc#1211649)\n  * Fix problematic tests and allow smooth tests executions on containers\n  * Discover Ansible playbook files as '*.yml' or '*.yaml' files (bsc#1211888)\n  * Prevent exceptions with fileserver.update when called via state (bsc#1218482)\n  * Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)\n  * Fixed KeyError in logs when running a state that fails\n","id":"SUSE-SU-2024:1517-1","modified":"2024-05-06T09:49:02Z","published":"2024-05-06T09:49:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241517-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1211888"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218482"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219001"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219431"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22231"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22232"}],"related":["CVE-2024-22231","CVE-2024-22232"],"summary":"Security update for SUSE Manager Salt Bundle","upstream":["CVE-2024-22231","CVE-2024-22232"]}